I've been attempting to set up a whitelist of commands a user can run on my system. The server I'm using is running CentOS 7. What is the syntax that should be used to only allow a certain group of commands and arguments to be run as sudo for a user? I'd also like for sudo to not require a password when calling these commands.
I've tried:
user ALL=/bin/cmd1 arg1 arg2, /bin/cmd2 arg1 arg2, /bin/cmd3 arg1 arg2 NOPASSWD: ALL
user ALL=(user:group) /bin/cmd1 arg1 arg2, /bin/cmd2 arg1 arg2, /bin/cmd3 arg1 arg2 NOPASSWD: ALL
user ALL=(user) /bin/cmd1 arg1 arg2, /bin/cmd2 arg1 arg2, /bin/cmd3 arg1 arg2 NOPASSWD: ALL
user ALL=(/bin/cmd1 arg1 arg2, /bin/cmd2 arg1 arg2, /bin/cmd3 arg1 arg2) NOPASSWD: ALL
All of those attempts have resulted in a syntax error in the /etc/sudoers file.
I've looked at this question: How to prevent sudo users from running specific commands? and also read this guide: https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos. The question seems to indicate that the first attempt should have worked, while the guide seems to indicate that the second attempt should have worked. So what does work?
Try to add something like this:
user ALL = (root) NOPASSWD: /bin/cmd1 args, /bin/cmd2 args
On the above line: ALL specifies that the rule applies on all hosts (if you were to copy the file elsewhere, for example), for anyone who is curious. — Aug 21, 2020 at 10:20
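As an added example (not part of the original question or answer), here is a complete drop-in file using the syntax from the answer above, with comments on how sudoers matches command arguments. The file name, the user `deploy` and the commands are assumptions.

```sudoers
# /etc/sudoers.d/deploy-whitelist   (assumed file name; install with mode 0440)
# Check the syntax before relying on it:
#   visudo -cf /etc/sudoers.d/deploy-whitelist
#
# Rule layout:  who  where = (as_whom)  TAG:  command list
#   - ALL in the host field means the rule applies on every host.
#   - The NOPASSWD: tag applies to every command that follows it on the line.
#   - Argument matching in the command list:
#       /bin/systemctl                         -> any arguments are allowed
#       /bin/systemctl restart httpd.service   -> exactly these arguments
#       /bin/cat ""                            -> no arguments allowed at all

# Group the permitted commands in an alias so the rule stays readable.
Cmnd_Alias WEB_CTL = /bin/systemctl restart httpd.service, \
                     /bin/systemctl status httpd.service, \
                     /bin/journalctl -u httpd.service

# deploy may run only the commands above, as root, without a password.
deploy ALL = (root) NOPASSWD: WEB_CTL
```

Listing a command with no arguments permits it with any arguments, so a whitelist only restricts what is run when each entry spells out the exact argument list (or uses "" to forbid arguments).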