Make a shell script with sudo-level operations accessible to others

Question

On this particular Linux server, we have a directory on which people can add certain files and we want those files to be owned by a particular user, editable by a specific group, and not viewable to public. Right now, what I have to do is to occasionally run sudo chown this_user:that_group /foo/bar/*.ext; sudo chmod 750 /foo/bar/*.ext from the command line. I would prefer if I could turn this into a command-line program that other users could invoke, including those who don't have sudo access. Imagine a program called /usr/bin/fixpermissions which would run the above chown and chmod commands and return a success message.

How should I write this script so that it wouldn't ask for a password for the sudo part? And how can I make it available to other users (is putting it in /usr/bin/ sufficient or appropriate)?

Answer 1

That's not so much a question of "How to write the script", but rather of "How to make it usable via sudo".

The canonical location for the script would be /usr/local/bin ...

To achieve the "execute as sudo w/o password" I'd create a separate sudoers file:

sudo visudo -f /etc/sudoers.d/fixpermissions

with the following content:

%group ALL = NOPASSWD:  /usr/local/bin/fixpermissions

Obviously adjust names of files and groups to match your personal preferences and existing setup.

Careful with creating the sudoers file above w/ other means than visudo - you might end up locking yourself out of the box if you save a file with syntax errors (visudo will check it for validity on exit and prompt you to fix if it's borked).