Title of the question kind of sums it up. I am deploying a network appliance as a VM based on Debian 9 but want to give the user the ability to add additional disk space if needed, however I do not want them to have full system access on the command line. How can I create an account that’s limited to only performing fdisk type activities? Also I want to limit their file system access so they cannot browse the disk.
You should just automate the task of resizing the virtual hard drive and filesystem instead.
For instance, cloud-init can be set up to automatically grow the partitions (and filesystems) of virtual machine instances, and is already set to do so on VM instances from major cloud providers such as Amazon AWS and Google Cloud. You can use cloud-init yourself to automate this task. In this case, the end user would resize the virtual disk in their hypervisor, then reboot the instance, and cloud-init would automatically do all of the necessary steps.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.