...
| Code Block |
|---|
|
bob ALL=(root) NOPASSWD: /bin/mkdir, /usr/bin/find |
Allow staff Group to sudo
Rather then editing the /etc/sudoers using visudo, this approach ensures that system upgrades will not overwrite your changes.
Download File Using tscripts
Quick method.
| Tip |
|---|
This is not ideal way of doing it. Ubuntu may update this file. Instead someone should add here an injection technique using sed. Just be careful of file permissions. |
Download tscripts,
| Code Block |
|---|
|
cd ~
wget http://www.bonsaiframework.com/tscripts/01_enable_sudo_for_staff
sudo cp 01_enable_sudo_for_staff /etc/sudoers.d/
rm 01_enable_sudo_for_staff |
Test by running as a staff user a non-destructive command only sudo can use,
If this works, you should only run as a real staff user to keep a proper audit trail of who did what.
Manual Method
If you want to create the file manually,
| Code Block |
|---|
|
# Locks file and validates for syntax errors when saving.
sudo visudo -f /etc/sudoers.d/01_enable_sudo_for_staff |
visudo launches your default editor to a special file. Add the following to the file,
| Code Block |
|---|
|
# Members of the staff group may gain root privileges.
%staff ALL=(ALL) ALL |
Going forward, make sure to use visudo to edit the 01_enable_sudo_for_staff file to ensure proper permissions and locking,
| Code Block |
|---|
|
sudo apt-get update |