The clean and secure way to allow the deploy user to run sudo commands without a password is to create a custom sudoers file in /etc/sudoers.d/.
Switch to root:
sudo su
Navigate to the sudoers directory:
cd /etc/sudoers.d/
Edit a new sudoers file using visudo: This ensures syntax is validated to prevent lockouts.
visudo -f deploy-user-ervices
Add this line to allow passwordless restart of Puma:
deploy ALL=(ALL) NOPASSWD: /bin/systemctl restart puma_website.service
📝 Notes:
- Replace puma_website.service with your actual systemd service name.
- To allow multiple services, separate them with commas:
Make sure the file has correct permissions:
chmod 440 /etc/sudoers.d/deploy-user-services