# How to give users the ability to execute command as root?

## m_fighter

but don't to give them root password? 

Actually, the main task is giving the user write permission to the specific file.

I think, it should be a small program that run sudo and type password to stdout (but don't show it to user).

Is it possible?

For clarify: I know root password, but don't want to give it to another users. I don't have access to the computer, so only low privileged user can perform this operation. 

I tried sudo, but user only have access to reboot and halt - so, there is no way to use sudo?

----------

## mikegpitt

If you only want to give the user the ability to write to a specific file use chown to change the file's ownership.  They should be able to write to it if the parent directory structure at least allows read access to the file.  Use chgrp if you want to give a group of users write access.  Chmod is another option.

----------

## m_fighter

I don't have any access to the computer. User can't execute chown, chgrp and so on, isn't it?

I need to give a permission to a user to execute ONE operation: chmod +w file.txt

So, what's the solution?

----------

## Jaglover

This is kind of confusing, you have root password but no access to the computer? FWIW, sudo is very flexible and certainly can be configured the way you need, and chmod can be run by user, if the file belongs to that user.

----------

## mikegpitt

 *m_fighter wrote:*   

> I don't have any access to the computer. User can't execute chown, chgrp and so on, isn't it?
> 
> I need to give a permission to a user to execute ONE operation: chmod +w file.txt
> 
> So, what's the solution?

 If you don't have access to the machine you are out of luck.  If your plan was to instead create a C executable that changes the file's permissions with sudo (as opposed to using chown or chmod), you would still need to log in as root to update the /etc/sudoers file.

Basically, you can't grant someone permissions if you can't log into the machine and give access.  The only way for a user with bad permissions to be able to do this is to exploit a security hole in the system and have the exploit run the command -- probably not an ideal scenario.

One option to connect to the machine if you have network access available, and assuming the machine isn't running sshd -- have the user start sshd under their username.  Then log in as that user (you will need their password), and then use su to get root access.  This of course assumes the user is in the wheel group.

Or...  if the user has access to the machine, you can have them reboot it in single user mode, and tell them the command to run (or have them add sshd to the default runlevel, and you can change it upon reboot).

----------

## m_fighter

Ok, thanks for your answers.

So, there is no way to do it  :Sad: 

I don' have access to these computers because they are settled in different cities without any network.

Unfortunately, sudo was configured properly  :Smile:  - there is no access to any command except reboot and halt.

----------

