I been looking for ways to let normal user run privileged commands and after some searching found that adding users to the wheel group is bad and also adding NOPASSWD and ALL = ALL to sudoers for an user is also plain as bad. The only alternative I can think of at the moment is to populate the sudoers file with specific commands the user would be running and thus I am doing this -
user server = NOPASSWD: /sbin/mount, /usr/libexec/locate.updatedb But it seems like a lot of work as I have around 30 servers and not all servers require the exact same command. Is there any easier and secure way of populating the sudoers files? Thanks.
