Allowing a non-root user to restart a service

systemd jenkins

Solution 1:

sudo is the way to go. Create a new group (appadmin for example), put your jenkins user in it, and using visudo add a new entry with a limited list of commands, for example:

Cmnd_Alias MYAPP_CMNDS = /bin/systemctl start myapp, /bin/systemctl stop myapp
%appadmin ALL=(ALL) MYAPP_CMNDS

If you want the appadmin group to be able to operate the service without entering a password first (useful if the user is only authenticated by an SSH key for example),

Cmnd_Alias MYAPP_CMNDS = /bin/systemctl start myapp, /bin/systemctl stop myapp
%appadmin ALL=(ALL) NOPASSWD: MYAPP_CMNDS

Related

Is it safe to use procmail in 2017?
Memory Usage Numbers In top/htop
Can you require MFA for AWS IAM accounts?
HTTP over port 443 vs HTTPS over port 80
Backing up a 22 GB MySQL database daily
Is a hard drive's serial number globally unique?
PowerShell - Install-WindowsFeature (and family) missing on Windows 10?
How to rename a SQL Server 2008 instance?
Best Practice: vCPUs per physical core
Nginx log entries to multiple files
What is Hadoop and what is it used for? [closed]
How to delete all hidden files and directories using Bash?