which is the best way to allow a new user that I just created on ubuntu linux 9.04 to execute a script that requires some sudo without allowing him to the sudoers?
The fact is that I want to give the user just the ability to execute that script, without letting him to do anything more.
Is there a simple way to do it?
If the script really needs root rights, you could limit his sudo capabilities to just that script (see
man sudoers). If this is required for more than one user, create a group for this purpose, and if they should be allowed to execute this only once, modify the script so that it removes the user from the group afterwards.Also, make extra sure your script is safe, especially if it uses parameters.
If it's going to be more fluid (ie. you may add other scripts later, or you may want to add/remove many users' rights to execute the file), you could create a group, add the user to the group, set the group ownership of the file to that group, and then add group execute rights.
Lshell is the solution. You can restrict any commands to your users. Combined with sudo and MySecureShell gives you a powerfull solution.
http://lshell.ghantoos.org/
You cann add the suid bit to your shellscript. So if your shellscript is owned by root you do
This will do it.