Beefy Boxes and Bandwidth Generously Provided by pair Networks
We don't bite newbies here... much
 
PerlMonks  

Re: sudo from Apache

by choroba (Canon)
on Sep 02, 2011 at 08:44 UTC ( #923793=note: print w/ replies, xml ) Need Help??


in reply to sudo from Apache

It might be impossible to find a password for www-data, because it is often a "pseudo-user" with no password that runs a web server. Only a privileged user can sudo to this user. Setting a password for such a user is a security risk.


Comment on Re: sudo from Apache
Re^2: sudo from Apache
by afoken (Prior) on Sep 03, 2011 at 07:34 UTC

    You don't need a password for www-data. sudo can be configured to allow one or more users to run one or more commands without any password. See the sudo documentation, especially man 5 sudoers.

    A line from my /etc/sudoers file, allowing every user to run the two scripts /service/fetchmail/wake and /service/fetchmail/status:

    %users ALL = NOPASSWD: /service/fetchmail/wake,/service/fetchmail/sta +tus

    Replace %users with www-data and only the user www-data is able to run the scripts.

    Replace the script names with some other script names and obviously, the other scripts can be executed without entering a password.

    Combine both and www-data can run a mount script and a umount script that call the mount and umount commands with fixed parameters.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://923793]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (7)
As of 2015-07-05 15:35 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (67 votes), past polls