How to Allow User to Run Specific Commands

Step 1: Edit sudoers with visudo

sudo visudo -f /etc/sudoers.d/limited-cmds

Step 2: Add Command Restrictions

# User can run systemctl for nginx only
username ALL=(ALL) /bin/systemctl start nginx, /bin/systemctl stop nginx, /bin/systemctl restart nginx

# Allow without password
username ALL=(ALL) NOPASSWD: /usr/bin/systemctl status nginx

Step 3: Use Wildcards (Careful)

username ALL=(ALL) /bin/systemctl * nginx

Step 4: Test Commands

sudo -l
sudo systemctl restart nginx