On Wed, 25 Feb 2004, George Toft wrote:
> Like I said - weird.
>
> I have some web servers running a perversion of Apache called IHS. This
> has been running with no problem, and I have an entry in /etc/sudoers
> that allows certain users to restart IHS. This has worked well for
> about 6 months. Suddenly (and coincident to the installation of a new
> module), only root can restart IHS. The mere mortal can no longer
> restart IHS. It tries to restart, but hangs up in the restart process.
>
> I need to be able to let these users restart IHS via sudo and not grant
> them root. Removing the module that caused this mess is NOT an option.
> The current entry looks something like this:
>
> User_Alias WEB = gtoft
> Cmnd_Alias HTTP = /bin/su /usr/local/apache/bin/apachectl
> WEB ALL = (root) NOPASSWD: HTTP
>
> It sounds like a permissions issue, but this does make sense to me -
> doesnt the above run apachectl as root?
>
> I am open to any alternative syntax that will allow WEB users to restart
> IHS. Keep in mind, the above works fine without that module loaded.
>
>
Cmnd_Alias HTTP = "/usr/local/apache/bin/apachectl *"
Or at least that's pretty much how we did it at job[-2].
The /bin/su in this case looks redundant. Since sudo runs the command as
root, why su to root?
TJ
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)