Linux: how to give a user permission to restart apache?
Solution 1
Short answer:
Using visudo
, add the following to your sudoers file, replacing username with the proper username:
username ALL = /etc/init.d/apache2
If you want to not have to type in a password before you do this, use the following:
username ALL = NOPASSWD: /etc/init.d/apache2
After this, the 'username' user can execute sudo /etc/init.d/apache2 start
(or stop, restart,etc)
Long answer: You'll likely want to setup a separate user for this if you haven't already, and then configure the /etc/sudoers file to allow a user or group to execute the command you want.
For example, to allow the user 'ben' to execute all commands as root prompting for a password, you would do the following:
ben ALL= ALL
To allow 'ben' to execute only one command (like say, rm
), you would do the following:
ben ALL= /bin/rm
If you are running a script as a user and don't want to prompt for a password, you'll want to use the 'NOPASSWD' option like so:
ben ALL=NOPASSWD: /bin/commandname options
You can do the same thing for groups by prefixing group names with a percentage sign, like so:
%supportstaff ALL= NOPASSWD: /bin/commandname
Solution 2
Short answer: sudo.
The call would look similar to the following: sudo /etc/init.d/apache2 restart
Easiest is to use visudo
to set up the /etc/sudoers file. See man sudoers
and man visudo
for details.
Related videos on Youtube
Charlie Gorichanaz
Updated on September 17, 2022Comments
-
Charlie Gorichanaz almost 2 years
I have a script running under a non-root user which, under certain conditions, should restart apache httpd.
What would be the simplest way for me to allow the user to do that?
I'm using Ubuntu Server 8.04 LTS.
-
Matt Fletcher over 9 yearsOP said about doing it through a script- the script won't be able to enter a password so this answer won't make any sense.
-
ThorSummoner over 8 yearsCan
username
be restricted to a subset of parameters? Saystart
restart
but notstop
? -
ThorSummoner over 8 yearsthe
visudo
command does safety checks on your edits so you don't break thesudo
/su
command by accident: unix.stackexchange.com/a/27595/61349 -
Robin Kanters almost 7 years@MattFletcher unless you use NOPASSWD