Is there a way to restrict the passwordless sudo commands to a set of "sub-commands"?
I am not looking for the answer to How do I run specific sudo commands without a password? I want to know if it is possible to specify "sub-commands".
For example, if I created /etc/sudoers.d/foo with contents...
bar ALL = (root) NOPASSWD: /bin/systemctl
User bar would be able to run any systemctl commands without a password.
However, if I only want systemctl status <service> and systemctl restart <service> to be run without a password, is there a way to do that?
I tried...
bar ALL = (root) NOPASSWD: /bin/systemctl/restart
Just to see if it might work. It does not work.
If this restriction is possible, I would also like to know how to find the absolute path of a "sub-command".
Edit
I also tried...
$ which systemctl restart
But that only output /bin/systemctl
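
Added example, not part of the original question: sudoers matches the arguments that follow the command path, so a sub-command such as restart is written as an argument after /bin/systemctl. It is not a file and has no path of its own, which is why which only reports /bin/systemctl. The unit name nginx.service and the alias name BAR_SYSTEMCTL below are placeholders chosen for illustration.

```sudoers
# /etc/sudoers.d/foo   (edit with: visudo -f /etc/sudoers.d/foo)
# Constructed example; "nginx.service" is a placeholder unit name.

# Too broad: no arguments are listed, so bar may pass ANY arguments
# to systemctl (stop, enable, edit, ...).
# bar ALL = (root) NOPASSWD: /bin/systemctl

# Still broad: "*" in the argument list matches across spaces, so this
# also permits several units or extra options after the sub-command.
# bar ALL = (root) NOPASSWD: /bin/systemctl status *, /bin/systemctl restart *

# Tight: the full argument list must match exactly, one entry per
# permitted invocation. Anything else falls back to a password prompt
# or is denied, depending on the user's other sudoers rules.
Cmnd_Alias BAR_SYSTEMCTL = /bin/systemctl status nginx.service, \
                           /bin/systemctl restart nginx.service

bar ALL = (root) NOPASSWD: BAR_SYSTEMCTL
```

With the tight form, the user has to type the command exactly as listed, for example sudo /bin/systemctl restart nginx.service. Running sudo -l as bar shows which command lines are allowed.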