sudo: apache restarting a service on CentOS

Posted by WaveyDavey on Server Fault See other posts from Server Fault or by WaveyDavey
Published on 2010-06-10T10:09:52Z Indexed on 2010/06/10 10:13 UTC
Read the original article Hit count: 649

Filed under:
|
|
|
|

I need my web app to restart the dansguardian service (on CentOS) so it needs to run '/sbin/service dansguardian restart' I have a shellscript in /home/topological called apacherestart.sh which does the following:

#!/bin/sh
id=`id`
/sbin/service dansguardian restart
r=$?
return $r

This runs ok (logger statement in script for testing output to syslog, so I know it's running) To make it run, I put this in /etc/sudoers:

User_Alias      APACHE=www
# Cmnd alias specification
Cmnd_Alias      HTTPRESTART=/home/topological/apacherestart.sh,/sbin/e-smith/db,/etc/rc7.d/S91dansguardian
# Defaults specification
# User privilege specification
root    ALL=(ALL) ALL
APACHE  ALL=(ALL) NOPASSWD: HTTPRESTART

So far so good. But the service does not restart. To test this I created a user david, and fudged the uid/gid in /etc/passwd to be the same as www:

www:x:102:102:e-smith web server:/home/e-smith:/bin/false
david:x:102:102:David:/home/e-smith/files/users/david:/bin/bash

then logged in as david and tried to run the apacherestart.sh. The problem I get is:

/etc/rc7.d/S91dansguardian: line 51: /sbin/e-smith/db: Permission denied

even though S91dansguardian and db are in the sudoers command list.

Any ideas?

© Server Fault or respective owner

Related posts about apache

Related posts about centos