Question

Giving sudo access to a specific folder to new user

Hi all,

I need my developer to have sudo access to one of the folders in root directory. I have his new user account, How do go about giving him access to this 1 specific folder so he can SSH into it ?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

It is going to be fairly difficult to restrict a sudoer to a single folder. I believe there are some options, commonly referred to as a jail. I believe it involves a mounted folder (mounted like a virtual drive), and even then it isn’t completely safe.

It may not suit your situation, but it is possible to use a process manager like PM2 to do things like restarting services and I believe it only requires sudo access upon the first installation (you may be able to revoke sudo access after install). Once installed it can restart processes and initiate new processes (there will be some limitations here, you will have to see if you can live with them). There are a few articles on using PM2 in the Community Tutorials section.

You may also be able to use something like vsftpd to achieve restriction to a specific directory (although generally the assumption is a non-sudo user’s home directory). You could check the How To Set Up vsftpd for a User’s Directory on Ubuntu 16.04 to see if that suits your situation.

I don’t think there is going to be a perfect fit, because I don’t think it was ever the intention to give an untrusted user sudo access. Good luck with it either way.