How To Allow A Normal User To Run Commands As Root In Specific Directory In Linux

Everything can be possible in Linux. I have realized many times this, even today also we are going to discuss about such kind of topics.

Say for example, you want to allow a developer’s to run chown or chmod command in particular directory (Not only this commands), how to do that?

You may know, how to allow normal users to run commands as a root with sudo. This is global access, which allows user to perform this action in entire system.

It is a security issue, which allow normal users to perform most of the root actions using sudo. Hence, make sure you granted access to right user, otherwise he/she can damage your system badly.

So, how to overcome this? Yes, this can be done using the below methods.

Suggested Read :
(#) How To Allow A Normal User Or Group To Run Commands As Root In Linux
(#) How To Allow/Permit User To Access A Specific File or Folder In Linux Using ACL

Method-1 : How To Allow A User To Set Particular Permission To Specific Directory And Its Sub-directory

In this example we will teach you, how to allow a user to perform the particular permission to files or folders in a specific directory and its sub-directory in Linux.

Use the below example to allow Prakash user to set only 755 permission to opt directory and it’s sub directory.
It doesn’t allow a user to perform any action outside of this directory. Add the following entry in end of the visudo file.

# visudo
prakash ALL=(ALL) /bin/chmod 755 /opt/*

Before performing this, i just want to know the file permission to make sure this command will work as expected. test.txt file currently having 600 permission.

$ ls -lh /opt/test.txt
-rw-------  1 daygeek magesh   32 Dec  6 16:52 test.txt

This will fail and we need to give full path /opt/test.txt instead of file name test.txt.

$  sudo /bin/chmod 755 test.txt
[sudo] password for prakash:
Sorry, user prakash is not allowed to execute '/bin/chmod 755 test.txt' as root on centos.2daygeek.com.

Yes, now it’s ran successfully without any issue.

$ sudo /bin/chmod 755 /opt/test.txt
[sudo] password for prakash:

I’m going to check the file permission to confirm whether it got changed or not. Yes, it’s got changed to 755.

$ ls -lh /opt/test.txt
-rwxr-xr-x  1 daygeek magesh   32 Dec  6 16:52 test.txt

To double confirm on this, i’m going to run different permission on the same directory. Yes, i’m getting the following error. It means, this command is not allowing user to perform any action except allowed one.

$ sudo /bin/chmod 777 /opt/test.txt
[sudo] password for daygeek:
Sorry, user prakash is not allowed to execute '/bin/chmod 777 /opt/test.txt' as root on centos.2daygeek.com.

Method-2 : How To Allow A User To Set Particular Permission To Only Specific Directory

This will allow user to perform the particular permission to files or folders in a specific directory and It doesn’t allow user to perform any action in sub-directories.

Use the below example to allow Prakash user to set only 777 permission to only wikipedia2text directory.
Add the following entry in end of the visudo file.

# visudo
prakash ALL=(ALL) /bin/chmod 777 /opt/wikipedia2text

Checking the wikipedia2text folder permission before performing this action. wikipedia2textt folder currently having 700 permission.

# ls -lh /opt/
drwx------  3 root     root     4.0K Oct 13 10:55 wikipedia2text

Yes, it’s ran successfully

$ sudo /bin/chmod 777 /opt/wikipedia2text/
[sudo] password for prakash:

Yes, wikipedia2text folder permission has been changed. It’s got changed to 777.

# ls -lh /opt/
drwxrwxrwx  3 root     root     4.0K Oct 13 10:55 wikipedia2text

To double confirm on this, i’m going to run the same permission on the different directory. Yes, i’m getting the following error. It means, this command is not allowing user to perform any action outside of this directory.

$ sudo /bin/chmod 777 /opt/wikipedia2text/License
Sorry, user prakash is not allowed to execute '/bin/chmod 777 /opt/wikipedia2text/License' as root on centos.2daygeek.com.

Method-3 : How To Allow A User To Set Any Permission To Specific Directory And Its Sub-directory

The below example allows user to perform wildcard option.

Use the below example to allow Prakash user to set any permission to opt directory and it’s sub directory.
Add the following entry in end of the visudo file.

# visudo
prakash     ALL=(ALL) /bin/chmod *[!s] /opt/*

I’m going to run 755, 600 and 777 permission on /opt/test.txt file. All are success.

$ sudo /bin/chmod 755 /opt/test.txt
[sudo] password for prakash:

$ ls -lh /opt/test.txt
-rwxr-xr-x  1 daygeek magesh   32 Dec  6 16:52 test.txt

$ sudo /bin/chmod 600 /opt/test.txt
[sudo] password for prakash:

$ ls -lh /opt/test.txt
-rw-------  1 daygeek magesh   32 Dec  6 16:53 test.txt

$ sudo /bin/chmod 777 /opt/test.txt
[sudo] password for prakash:

$ ls -lh /opt/test.txt
-rwxrwxrwx  1 daygeek magesh   32 Dec  6 16:54 test.txt

Method-4 : How To Allow A User To Set Any Permission To Only Specific Directory

The below example allows user to perform wildcard option.

Use the below example to allow Prakash user to set any permission to only wikipedia2text directory.
Add the following entry in end of the visudo file.

# visudo
prakash     ALL=(ALL) /bin/chmod *[!s] /opt/wikipedia2text

Method-5 : How To Allow A User To Run Multiple Commands To Specific Directory And Its Sub-directory

This will allows user to perform multiple commands on specific directory and it’s sub-directory. This example allow Prakash user to perform chmod & chown command on /opt directory.

Use the below example to allow Prakash user to perform multiple commands on opt directory and it’s sub directory. Add the following entry in end of the visudo file.

# visudo
prakash     ALL=(ALL) /bin/chmod *[!s] /opt/*, /bin/chown *[!s] /opt/*

Checking current user and group permission. The below file has with “daygeek” user and “magesh” group permission.

$ ls -lh /opt/test.txt
-rwxr-xr-x  1 daygeek magesh   32 Dec  6 16:52 test.txt

Run the below command to change the user and group permission.

$ sudo /bin/chown root:root /opt/test.txt
[sudo] password for prakash:

Re-checking the user and group permission. Yes, it’s got changed.

$ ls -lh /opt/test.txt
-rwxr-xr-x  1 root     root   32 Dec  6 16:52 test.txt

Prakash Subramanian

Prakash Subramanian is a Linux lover and has 3.5+ years of experience in linux server administration with major Linux distribution such as (RHEL, CentOS, Ubuntu). He is currently working as a Senior L2 Linux Server administrator.

You may also like...

Shares
Close
Please support the site
By clicking any of these buttons you help our site to get better