Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw

Re: sudo from Apache

by choroba (Canon)
on Sep 02, 2011 at 08:44 UTC ( #923793=note: print w/ replies, xml ) Need Help??

in reply to sudo from Apache

It might be impossible to find a password for www-data, because it is often a "pseudo-user" with no password that runs a web server. Only a privileged user can sudo to this user. Setting a password for such a user is a security risk.

Comment on Re: sudo from Apache
Replies are listed 'Best First'.
Re^2: sudo from Apache
by afoken (Prior) on Sep 03, 2011 at 07:34 UTC

    You don't need a password for www-data. sudo can be configured to allow one or more users to run one or more commands without any password. See the sudo documentation, especially man 5 sudoers.

    A line from my /etc/sudoers file, allowing every user to run the two scripts /service/fetchmail/wake and /service/fetchmail/status:

    %users ALL = NOPASSWD: /service/fetchmail/wake,/service/fetchmail/sta +tus

    Replace %users with www-data and only the user www-data is able to run the scripts.

    Replace the script names with some other script names and obviously, the other scripts can be executed without entering a password.

    Combine both and www-data can run a mount script and a umount script that call the mount and umount commands with fixed parameters.


    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://923793]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (8)
As of 2015-11-28 16:24 GMT
Find Nodes?
    Voting Booth?

    What would be the most significant thing to happen if a rope (or wire) tied the Earth and the Moon together?

    Results (743 votes), past polls