sudo: apache restarting a service on CentOS
- by WaveyDavey
I need my web app to restart the dansguardian service (on CentOS), so it needs to run '/sbin/service dansguardian restart'.
I have a shell script in /home/topological called apacherestart.sh which does the following:
#!/bin/sh
id=`id`
/sbin/service dansguardian restart
r=$?
# exit, not return: return is only valid inside a function or a sourced script
exit $r
This runs ok (logger statement in script for testing output to syslog, so I know it's running)
To make it run, I put this in /etc/sudoers:
User_Alias APACHE=www
# Cmnd alias specification
Cmnd_Alias HTTPRESTART=/home/topological/apacherestart.sh,/sbin/e-smith/db,/etc/rc7.d/S91dansguardian
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
APACHE ALL=(ALL) NOPASSWD: HTTPRESTART
So far so good. But the service does not restart. To test this I created a user david, and fudged the uid/gid in /etc/passwd to be the same as www:
www:x:102:102:e-smith web server:/home/e-smith:/bin/false
david:x:102:102:David:/home/e-smith/files/users/david:/bin/bash
Then I logged in as david and tried to run apacherestart.sh. The problem I get is:
/etc/rc7.d/S91dansguardian: line 51: /sbin/e-smith/db: Permission denied
even though S91dansguardian and db are in the sudoers command list.
Any ideas?
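An added example, not part of the original post: sudo elevates only the command it is asked to run, and everything that command starts then runs as root, so each file named in a NOPASSWD Cmnd_Alias should be replaceable by root alone. The sketch below lists the commands in an alias and reports any file or parent directory that another account could modify; the function names alias_commands and audit_path are hypothetical, and it assumes single-line aliases with no escaped commas.

```shell
#!/bin/sh
# Added example: audit the files named in a sudoers Cmnd_Alias.
# Assumes the alias sits on one line and contains no escaped commas.

# Print the command paths of alias $1 from sudoers text on stdin, one per line.
alias_commands() {
    sed -n "s/^[[:space:]]*Cmnd_Alias[[:space:]]\{1,\}$1[[:space:]]*=[[:space:]]*//p" |
        tr ',' '\n' | awk 'NF { print $1 }'
}

# Report why path $1 is unsafe to run as root: it, or any parent directory
# up to $3 (default /), is not owned by uid $2 (default 0) or is writable
# by group/other. Prints nothing when the whole chain is clean.
audit_path() {
    p=$1 owner=${2:-0} stop=${3:-/}
    while :; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"
            return 0
        fi
        set -- $(ls -ldnL "$p")     # $1 = mode string, $3 = numeric uid
        [ "$3" = "$owner" ] || echo "owner uid $3: $p"
        case $1 in
            ?????w*|????????w*) echo "group/other writable ($1): $p" ;;
        esac
        if [ "$p" = "$stop" ] || [ "$p" = "/" ]; then return 0; fi
        p=$(dirname "$p")
    done
}

# The Cmnd_Alias line from the post above, audited entry by entry.
SUDOERS='Cmnd_Alias HTTPRESTART=/home/topological/apacherestart.sh,/sbin/e-smith/db,/etc/rc7.d/S91dansguardian'
for cmd in $(printf '%s\n' "$SUDOERS" | alias_commands HTTPRESTART); do
    audit_path "$cmd"
done
```

Symbolic links are followed for the permission check (ls -L), but the parent walk uses the link's own directory, so a link target in another tree needs a separate audit_path call.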