sudo: apache restarting a service on CentOS
Posted
by WaveyDavey
on Server Fault
See other posts from Server Fault
or by WaveyDavey
Published on 2010-06-10T10:09:52Z
Indexed on
2010/06/10
10:13 UTC
Read the original article
Hit count: 649
I need my web app to restart the dansguardian service (on CentOS) so it needs to run '/sbin/service dansguardian restart' I have a shellscript in /home/topological called apacherestart.sh which does the following:
#!/bin/sh
id=`id`
/sbin/service dansguardian restart
r=$?
return $r
This runs ok (logger statement in script for testing output to syslog, so I know it's running) To make it run, I put this in /etc/sudoers:
User_Alias APACHE=www
# Cmnd alias specification
Cmnd_Alias HTTPRESTART=/home/topological/apacherestart.sh,/sbin/e-smith/db,/etc/rc7.d/S91dansguardian
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
APACHE ALL=(ALL) NOPASSWD: HTTPRESTART
So far so good. But the service does not restart. To test this I created a user david, and fudged the uid/gid in /etc/passwd to be the same as www:
www:x:102:102:e-smith web server:/home/e-smith:/bin/false
david:x:102:102:David:/home/e-smith/files/users/david:/bin/bash
then logged in as david and tried to run the apacherestart.sh. The problem I get is:
/etc/rc7.d/S91dansguardian: line 51: /sbin/e-smith/db: Permission denied
even though S91dansguardian and db are in the sudoers command list.
Any ideas?
© Server Fault or respective owner