
infrastructure/systemd/hq01-systemctl.sudoers
# Allow user "ed" to manage the hq01 systemd service without a password.
# Scope is intentionally narrow: only the systemctl verbs listed below for
# hq01.service, a daemon-reload, and installing this one unit file. Each entry
# spells out its full argument list, so sudo permits only these exact
# invocations.
#
# NOTE(review): the cp entry installs whatever is at
# /srv/aaf/infrastructure/systemd/hq01.service when it runs, and the other
# entries then let "ed" reload and start it. systemd runs a system unit's
# commands as root unless the unit sets User=, so this rule grants no other
# root access only if that source file and every parent directory are
# root-owned and not writable by "ed" (or by any account "ed" can act as).
# Ownership of /srv/aaf is not visible here; confirm it before relying on
# the narrow-scope claim. If the tree must stay writable, install the unit
# from a root-controlled path instead.
#
# Installed to /etc/sudoers.d/hq01-systemctl (mode 0440, owned by root).
# Check syntax with `visudo -cf <path-to-this-file>` before installing.
ed ALL=(root) NOPASSWD: /usr/bin/systemctl start hq01.service, /usr/bin/systemctl stop hq01.service, /usr/bin/systemctl restart hq01.service, /usr/bin/systemctl enable hq01.service, /usr/bin/systemctl disable hq01.service, /usr/bin/systemctl daemon-reload, /usr/bin/cp /srv/aaf/infrastructure/systemd/hq01.service /etc/systemd/system/hq01.service
