Scenario / Questions
I have a script running under a non-root user which, under certain conditions, should restart apache httpd.
What would be the simplest way for me to allow the user to do that?
I’m using Ubuntu Server 8.04 LTS.
Find below all possible solutions or suggestions for the above questions..
visudo, add the following to your sudoers file, replacing username with the proper username:
username ALL = /etc/init.d/apache2
If you want to not have to type in a password before you do this, use the following:
username ALL = NOPASSWD: /etc/init.d/apache2
After this, the ‘username’ user can execute
sudo /etc/init.d/apache2 start (or stop, restart,etc)
You’ll likely want to setup a separate user for this if you haven’t already, and then configure the /etc/sudoers file to allow a user or group to execute the command you want.
For example, to allow the user ‘ben’ to execute all commands as root prompting for a password, you would do the following:
ben ALL= ALL
To allow ‘ben’ to execute only one command (like say,
rm), you would do the following:
ben ALL= /bin/rm
If you are running a script as a user and don’t want to prompt for a password, you’ll want to use the ‘NOPASSWD’ option like so:
ben ALL=NOPASSWD: /bin/commandname options
You can do the same thing for groups by prefixing group names with a percentage sign, like so:
%supportstaff ALL= NOPASSWD: /bin/commandname
Short answer: sudo.
The call would look similar to the following:
sudo /etc/init.d/apache2 restart
Easiest is to use
visudo to set up the /etc/sudoers file. See
man sudoers and
man visudo for details.
You can also accomplish this by writing a wrapper to apache2ctl, assigning group ownership to a web administration group and setting the suid bit. This is a less general solution than visudo, but allows custom limitations on user abilities and error checking.
I wrote this tool for my own needs and have shared it on github: https://github.com/josiahjohnston/ltd_apache2ctl
Disclaimer: This has been sourced from a third party syndicated feed through internet. We are not responsibility or liability for its dependability, trustworthiness, reliability and data of the text. We reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever.