There are a few suggestions out there with clues about how this might be achieved. It seems to me that the restart command of Elasticsearch shouldn't need root privileges, at least in my use case.
Basically, in case the ES service stops I don't want the user of the program to have the responsibility of restarting it, and the program, after detecting that the service is inactive/dead for some reason, should just try restarting it.
There seems to be a way of tweaking these permissions using the sudo visudo, but I'm not entirely clear what to do: I want to allow ALL users to do one command of systemctl:
systemctl restart elasticsearch
The file /etc/sudoers.tmp file which comes up after sudo visudo firstly says "Please consider adding local content in /etc/sudoers.d/ instead of directly modifying this file." All 3 files currently in that directory appear to be binaries.
Secondly it is divided into various sections which I find quite puzzling: "Host/User/Cmnd alias specification", etc. I've had a look at the man page for SUDOERS but this mainly just makes me all too aware how ignorant I am.
There's something else: when a command that requires sudo (even when the command does not in fact start with the word "sudo") is run using subprocess.run, a dialog comes up in Linux saying "please enter the password". If it turns out that in fact the system has NOT been configured to allow systemctl restart elasticsearch to be run by anyone, I want to detect that, and output a suitable message, rather than have this dialog come up asking for the root privileges password. Is there any way of detecting that? ... or maybe intercepting the system before it asks for the root privileges password?
