Allow non-admin to execute sudo commands

It is sometimes useful to allow non-admin users to execute commands that normally require the use of sudo for example to reload nginx or to execute specific systemctl command. It is especially useful for CI/CD.

This is easily doable with visudo.

Start by adding a new sudoer file with

sudo visudo -f /etc/sudoers.d/<some-meaningful-name>

Note that the filename cannot contain dots or tilds.

Adding your file under /etc/sudoers.d/ ensures no bad surprise will arise when your distribution will change the /etc/sudoers file due to system upgrades.

All files in /etc/sudoers.d/ are loaded by the last line of /etc/sudoers (which is not a comment btw):

#includedir /etc/sudoers.d

Let's say you want the user web to be able to reload nginx config

Cmnd_Alias RELOADNGINX = /bin/systemctl reload nginx

The same can be done for a group by prepending the group name with a % for example


Also multiple commands can be added by separating them with a comma, here user web would be able to stop and start nginx.

Cmnd_Alias RESTART = /bin/systemctl stop nginx,/bin/systemctl start nginx

To check what has been added is valid, run sudo visudo --check.

Once saved and written, user web will be able to execute the command sudo systemctl restart nginx without any password.

For more on visudo, see man visudo and the following blogposts: