Like I said - weird.
I have some web servers running a perversion of Apache called IHS. This
has been running with no problem, and I have an entry in /etc/sudoers
that allows certain users to restart IHS. This has worked well for
about 6 months. Suddenly (and coincident to the installation of a new
module), only root can restart IHS. The mere mortal can no longer
restart IHS. It tries to restart, but hangs up in the restart process.
I need to be able to let these users restart IHS via sudo and not grant
them root. Removing the module that caused this mess is NOT an option.
The current entry looks something like this:
User_Alias WEB = gtoft
Cmnd_Alias HTTP = /bin/su /usr/local/apache/bin/apachectl
WEB ALL = (root) NOPASSWD: HTTP
It sounds like a permissions issue, but this does make sense to me -
doesnt the above run apachectl as root?
I am open to any alternative syntax that will allow WEB users to restart
IHS. Keep in mind, the above works fine without that module loaded.
--
George Toft
CISSP, NSNS, MSIS
Computer Security
AGD,llc
www.agdllc.com
623-203-1760
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss