A production server runs a systemd unit called myapp.service. Members of the developers UNIX group must be able to restart this service during deployments without being prompted for a password, but the security team insists that they must not gain an interactive root shell or be able to run any other privileged commands. Which sudoers line, added with visudo in /etc/sudoers.d/deploy, best satisfies the requirement and the principle of least privilege?
Granting the group permission to run only the exact command that is needed-with its full path-achieves the goal of avoiding root while still allowing the task. The line %developers ALL=(root) NOPASSWD: /bin/systemctl restart myapp.service limits sudo to a single, specific command, so attempts such as sudo -i or sudo /bin/bash will be denied. The other choices either grant the group every root command, include an unrestricted root shell, or omit the command restriction entirely, all of which violate least-privilege guidelines and give developers broader root access than required.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is the principle of least privilege important?
Open an interactive chat with Bash
What is the purpose of the `visudo` command?
Open an interactive chat with Bash
What does the `NOPASSWD` directive in a sudoers file mean?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access