On Wed, 25 Feb 2004, George Toft wrote:

> Like I said - weird.
> 
> I have some web servers running a perversion of Apache called IHS.  This
> has been running with no problem, and I have an entry in /etc/sudoers
> that allows certain users to restart IHS.  This has worked well for
> about 6 months.  Suddenly (and coincident to the installation of a new
> module), only root can restart IHS.  The mere mortal can no longer
> restart IHS.  It tries to restart, but hangs up in the restart process.
> 
> I need to be able to let these users restart IHS via sudo and not grant
> them root.  Removing the module that caused this mess is NOT an option. 
> The current entry looks something like this:
> 
> User_Alias WEB = gtoft
> Cmnd_Alias HTTP = /bin/su /usr/local/apache/bin/apachectl
> WEB ALL = (root) NOPASSWD: HTTP
> 
> It sounds like a permissions issue, but this does make sense to me -
> doesnt the above run apachectl as root?
> 
> I am open to any alternative syntax that will allow WEB users to restart
> IHS.  Keep in mind, the above works fine without that module loaded.
> 
> 
Cmnd_Alias HTTP = "/usr/local/apache/bin/apachectl *"

Or at least that's pretty much how we did it at job[-2].

The /bin/su in this case looks redundant.  Since sudo runs the command as 
root, why su to root?

TJ

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss