Granting privileges using visudo still prevents user to execute command

Following this solution, I want to grant to the user daemon the execution of /bin/date.
Here what I did:

  1. find the user that apache2 uses when spawning:

    # ps | grep httpd
    252 root     /usr/bin/httpd -k start
    260 daemon   /usr/bin/httpd -k start
    262 daemon   /usr/bin/httpd -k start
    264 daemon   /usr/bin/httpd -k start
    467 root     grep httpd
  2. find the right path for date:

    # which date
  3. using visudo add the following lines:

    Cmnd_Alias DATE=/bin/date                                               
  4. reboot

  5. test the new privileges:

    # sudo -u daemon date -s "2023-09-09 10:16:00"
    date: can't set date: Operation not permitted
    Sat Sep  9 10:16:00 UTC 2023

Is there anything wrong in my syntax?
I also tried with:


but it’s the same.
It’s a Buildroot environment.

Asked By: Mark


You need to specify the exact path matching the sudoers configuration. Your test is also back to front: starting from root, you need to become daemon, then try to run sudo.

sudo -u daemon sudo /bin/date -s "2023-09-09 10:16:00"

should work.

(Your current test tries to run date as the daemon user, which won’t work.)

Answered By: Stephen Kitt
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.