2
Good morning, everyone.
Maybe this is a basic question but I have a question on Linux that I could not find by searching on Google.
I have a Linux machine running a Nginx and with two users: marcos and alex.
What I want is for milestones to be able to link services in the /etc/systemd/system folder, start them, restart them and stop them but not stop other services (like Nginx itself, for example).
Alex needs to have access to the Nginx -s Reload command but cannot have access to the Nginx -s stop command.
How would the configuration of sudoers allow this framework? And this configuration would be safe?
You can create a script that runs the start/Reload commands of the services you want and only give permissions to some users
– Zumo de Vidrio
This is an interesting problem with a ready-made solution in Selinux: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-systemd_access_control
– Arthur Hess