So, I wanted to give a specific user the ability to use apt, but nothing else. I knew this had to be done via the sudoers file, but I wasn’t exactly sure how. No worries—just open the file and figure it out, right?
Opening the sudoers File
I ran:
sudo visudo
This opened up the sudoers file, where I started looking for something that controlled user privileges. I saw this familiar-looking line:
username ALL=(ALL:ALL) ALL
At first, I had no idea what it meant, so I Googled it. Turns out, the last ALL means the user can run all commands. That was my hint—this is where I had to tweak things.
Changing Access to apt
So, I replaced ALL with apt, thinking this would restrict the user to only using apt:
username ALL=(ALL:ALL) apt
I saved the file, but when I tried to use apt with the restricted user, I got an error—something about a path issue. I wasn’t sure what was going wrong, so I experimented a bit.
Changing apt to APT
Next, I tried changing apt to uppercase APT, just in case:
username ALL=(ALL:ALL) APT
This time, the file saved successfully, but the user still couldn’t run apt. The error message clearly said something about no access to /usr/bin/apt. That was the real problem.
The Final Fix: Specifying the Full Path
So, I copied the path /usr/bin/apt from the error message and used it explicitly in the sudoers file:
username ALL=(ALL:ALL) /usr/bin/apt
Saved the file, tested it, and boom—it worked! Now, the user could run apt, but nothing else.
Lessons Learned
- The
sudoersfile controls which commands a user can execute withsudo. - The last
ALLinALL=(ALL:ALL) ALLdefines which commands a user can run. - Specifying just
aptdoesn’t work—you need the full path (/usr/bin/apt). - Always test changes in a separate terminal before closing
visudo, so you don’t lock yourself out!
That’s it! Hope this helps if you ever need to restrict users to specific commands.
Top comments (0)