Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic

Re: sudo from Apache

by choroba (Bishop)
on Sep 02, 2011 at 08:44 UTC ( #923793=note: print w/replies, xml ) Need Help??

in reply to sudo from Apache

It might be impossible to find a password for www-data, because it is often a "pseudo-user" with no password that runs a web server. Only a privileged user can sudo to this user. Setting a password for such a user is a security risk.

Replies are listed 'Best First'.
Re^2: sudo from Apache
by afoken (Abbot) on Sep 03, 2011 at 07:34 UTC

    You don't need a password for www-data. sudo can be configured to allow one or more users to run one or more commands without any password. See the sudo documentation, especially man 5 sudoers.

    A line from my /etc/sudoers file, allowing every user to run the two scripts /service/fetchmail/wake and /service/fetchmail/status:

    %users ALL = NOPASSWD: /service/fetchmail/wake,/service/fetchmail/sta +tus

    Replace %users with www-data and only the user www-data is able to run the scripts.

    Replace the script names with some other script names and obviously, the other scripts can be executed without entering a password.

    Combine both and www-data can run a mount script and a umount script that call the mount and umount commands with fixed parameters.


    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://923793]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others chilling in the Monastery: (7)
As of 2018-04-21 16:28 GMT
Find Nodes?
    Voting Booth?