I'm running a service where I have users that are running services from their home directories. They are all in the group serviceusers, and I have a user that will perform automated tasks initiated from a website on the service users' files. Let's call him taskrunner.
I am trying to allow taskrunner to sudo as any user in serviceusers.
Now I tried to do this via the sudoers file:
serviceuser=ALL(serviceusers:serviceusers) NOPASSWD:ALL
(I realize that 'serviceusers:serviceusers' means serviceuser user and serviceuser group. But I don't want the taskrunner user to be able to sudo as all users. Just users in the serviceusers group)
So to be more specific I want to be able to run sudo -u serviceuser1 ... not sudo -g serviceusers...
I've been trying to add /etc/pam.d/sudo in order to allow this. But I can't find very good resources on the proper syntax for the pam.d/sudo file.
I know I can add to pam.d/su and allow the user to su to the users in the group, so that may be an option, however I was wondering if it was possible with just plain sudo.
I'm fairly new to server administration so if this is not the correct way to go about this let me know some good resources.