My company is using VSTS builds for continuous integration. Every commit triggers a build which runs on a Linux agent. The problems is after the build is finished, I need the agent to restart a service(which requires root). How can I automatically restart the service via the agent with minimal security risks?
You can add a new user to build agent machine and grant the necessary security to restart service, then configure/change the build agent running account to that user.
An article about deploying an agent on linux.