Azure DevOps and Linux Pipelines: How to Keep Your Password Secure

A few months ago, my co-worker Lukas ran into a problem when he wanted to deploy code with pipelines in Azure DevOps. As a final step, he needed to restart the web server. That is no problem in an interactive session on the machine itself: you just add sudo in front of the command and enter your password. Doing this as part of a pipeline is not a great idea – you would need to write down your password and put it into Azure DevOps.

The Linux way to tackle this problem is to use the sudoers-file. Lukas wrote down how this works and added some links for those who want to know the details.

Using the visudo command, you can create an entry in the sudoers-file that allows a specific user to run a command without entering their password. Even better, you can limit the command to certain arguments (like restart) and prevent calls with other arguments (like stop):

yourUser ALL=(ALL) NOPASSWD: /full/path/to/command ARG1 ARG2

With this approach, you can allow the deployment user to run commands with root privileges without entering a password while still keeping your system secure. Try it when you run into this problem – it may look complicated but it is not.
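As an added example (not from the original post), here is a small POSIX shell check that a NOPASSWD rule is as narrow as described above: an absolute command path, explicit arguments, and no wildcards. The user name deploy, the systemctl path and nginx.service are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: lint a NOPASSWD sudoers rule before installing it.
# Assumptions (not from the post): user "deploy", /usr/bin/systemctl, nginx.service.

# audit_rule RULE: prints one finding per line; returns 0 when the rule is narrow.
audit_rule() {
    rule=$1
    rc=0
    case $rule in
        *NOPASSWD:*) ;;
        *) echo "not a NOPASSWD rule"; return 2 ;;
    esac
    spec=${rule#*NOPASSWD:}          # command path plus arguments
    spec=${spec#"${spec%%[! ]*}"}    # trim leading spaces
    path=${spec%% *}                 # first word is the command
    args=${spec#"$path"}             # the rest is the argument list
    args=${args#"${args%%[! ]*}"}

    case $path in
        ALL) echo "ALL: every command runs without a password"; rc=1 ;;
        /*)  ;;
        *)   echo "command is not an absolute path: $path"; rc=1 ;;
    esac
    # A command listed without arguments may be run with ANY arguments,
    # so "systemctl" alone also permits "systemctl stop ...".
    if [ -z "$args" ] && [ "$path" != ALL ]; then
        echo "no arguments listed: any arguments are accepted"; rc=1
    fi
    # Wildcards match across word boundaries, so "restart *" admits extra arguments.
    case $spec in
        *[*?]*) echo "wildcard in command or arguments"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample rules: the first is narrow, the others are too broad.
for r in \
    'deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx.service' \
    'deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl' \
    'deploy ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart *' \
    'deploy ALL=(ALL) NOPASSWD: systemctl restart nginx.service'
do
    echo "rule: $r"
    audit_rule "$r" && echo "  ok" || echo "  reject"
done
```

Once a rule passes, check the file's syntax with visudo -cf before it goes live, since a broken sudoers file can lock sudo for every user.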
