
How can I restrict a user to only start/stop services and configure networking in Linux?

I have a program I have written in Perl with a web frontend which runs on Apache.

We would like to restrict access to the code for some users and only permit them to restart services and configure the IP address on the server.

I have built a whiptail script, which runs on boot-up, that allows the users to perform the required functions; however, it is possible to break out of the whiptail script and drop to that user's shell, and from there they can access the code.

I have tried using Jailkit. I put the user in their own restricted jail; however, I'm not sure how to let them restart the services owned by another user or change the IP address.

Is there a way to do this in Jailkit, or can someone please suggest a better approach?

Thank you.