I've been attempting to set up a whitelist of commands a user can run on my system. The server I'm using is running CentOS 7. What is the syntax that should be used to only allow a certain group of commands and arguments to be run as sudo for a user? I'd also like for sudo to not require a password when calling these commands.
I've tried:
user ALL=/bin/cmd1 arg1 arg2, /bin/cmd2 arg1 arg2, /bin/cmd3 arg1 arg2 NOPASSWD: ALL
user ALL=(user:group) /bin/cmd1 arg1 arg2, /bin/cmd2 arg1 arg2, /bin/cmd3 arg1 arg2 NOPASSWD: ALL
user ALL=(user) /bin/cmd1 arg1 arg2, /bin/cmd2 arg1 arg2, /bin/cmd3 arg1 arg2 NOPASSWD: ALL
user ALL=(/bin/cmd1 arg1 arg2, /bin/cmd2 arg1 arg2, /bin/cmd3 arg1 arg2) NOPASSWD: ALL
All of those attempts have resulted in a syntax error in the /etc/sudoers file.
I've looked at this question: How to prevent sudo users from running specific commands? and also read this guide: https://www.digitalocean.com/community/tutorials/how-to-edit-the-sudoers-file-on-ubuntu-and-centos. The question seems to indicate that the first attempt should have worked, while the guide seems to indicate that the second attempt should have worked. So what does work?