Beefy Boxes and Bandwidth Generously Provided by pair Networks
go ahead... be a heretic
 
PerlMonks  

Re: sudo from Apache

by choroba (Abbot)
on Sep 02, 2011 at 08:44 UTC ( #923793=note: print w/ replies, xml ) Need Help??


in reply to sudo from Apache

It might be impossible to find a password for www-data, because it is often a "pseudo-user" with no password that runs a web server. Only a privileged user can sudo to this user. Setting a password for such a user is a security risk.


Comment on Re: sudo from Apache
Re^2: sudo from Apache
by afoken (Parson) on Sep 03, 2011 at 07:34 UTC

    You don't need a password for www-data. sudo can be configured to allow one or more users to run one or more commands without any password. See the sudo documentation, especially man 5 sudoers.

    A line from my /etc/sudoers file, allowing every user to run the two scripts /service/fetchmail/wake and /service/fetchmail/status:

    %users ALL = NOPASSWD: /service/fetchmail/wake,/service/fetchmail/sta +tus

    Replace %users with www-data and only the user www-data is able to run the scripts.

    Replace the script names with some other script names and obviously, the other scripts can be executed without entering a password.

    Combine both and www-data can run a mount script and a umount script that call the mount and umount commands with fixed parameters.

    Alexander

    --
    Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://923793]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (8)
As of 2014-12-21 16:38 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (106 votes), past polls