How do I allow a AL-user to only run the dnf update and dnf upgrade command

I cannot figure out how to allow a user (in this case test) to only be able to run the dnf update command with the sudoers file. When ever I try to add the user and then test it out it still does not allow the user to run the command.

The user is not allowed to have sudo rights, so he will be only able to update.

Can someone please help me out? I have been researching this all day and can still not figure it out. I am probably typing in something wrong.

I am using AlmaLinux8.6.

as root add the rule:

echo 'test ALL=PASSWD: /usr/bin/dnf update' > /etc/sudoers.d/dnf

then as user test, run:

sudo dnf update

works for me. the user can’t run sudo su or sudo bash or anything else. there’s plenty more you can do to lock it down though (e.g. Defaults, logfile, ensure the user isn’t in the wheel group and so on).

what’s your error message?

you should use visudo if editing the main /etc/sudoers file.


hey sej7278, thats great it solved my problem. Thanks a lot.

Note: man dnf writes:

Upgrade Command
Command: upgrade
Aliases: up
Deprecated aliases: update, upgrade-to, update-to, localupdate

Since the update is called deprecated, it is probably wiser to allow and teach the user the up.
That is easier to write too.