Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Re: sudo from Apache

by choroba (Chancellor)
on Sep 02, 2011 at 08:44 UTC ( #923793=note: print w/ replies, xml ) Need Help??

in reply to sudo from Apache

It might be impossible to find a password for www-data, because it is often a "pseudo-user" with no password that runs a web server. Only a privileged user can sudo to this user. Setting a password for such a user is a security risk.

Comment on Re: sudo from Apache
Replies are listed 'Best First'.
Re^2: sudo from Apache
by afoken (Monsignor) on Sep 03, 2011 at 07:34 UTC

    You don't need a password for www-data. sudo can be configured to allow one or more users to run one or more commands without any password. See the sudo documentation, especially man 5 sudoers.

    A line from my /etc/sudoers file, allowing every user to run the two scripts /service/fetchmail/wake and /service/fetchmail/status:

    %users ALL = NOPASSWD: /service/fetchmail/wake,/service/fetchmail/sta +tus

    Replace %users with www-data and only the user www-data is able to run the scripts.

    Replace the script names with some other script names and obviously, the other scripts can be executed without entering a password.

    Combine both and www-data can run a mount script and a umount script that call the mount and umount commands with fixed parameters.


    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://923793]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (5)
As of 2016-02-13 09:02 GMT
Find Nodes?
    Voting Booth?

    How many photographs, souvenirs, artworks, trophies or other decorative objects are displayed in your home?

    Results (422 votes), past polls