Add NOPASSWD for a specific command

959 views Asked by At

I know, there're lots of other posts related to this question. but, that's not a secure way to proceed with. I've initially added Defaults:apache !requiretty and set the script.sh file path that run by the web user, this script.sh invokes another command that should run as root user. then I added the NOPASSWD like this

apache ALL = (ALL) NOPASSWD:/home/app/admin/tomcat.sh start

It gave the following error

sudo: >>> /etc/sudoers: syntax error near line 120 <<< sudo: parse error in /etc/sudoers near line 120 sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin

Then, I directly added the command that should run as root user. and it becomes

apache ALL = (ALL) NOPASSWD:/bin/su root -c /usr/share/apache-tomcat-7.0.61/bin/startup.sh

I also tried to change the command e.g:

apache ALL = (ALL) NOPASSWD:/usr/share/apache-tomcat-7.0.61/bin/shutdown.sh

still the same(above) error. Although apache ALL=(ALL) NOPASSWD: ALL works well. but there is a security issue.

So, how can I grant a user the access to run a specific command as root user?

1

There are 1 answers

1
sami slimani On

You'r first line seems to work well, i tried it with no problem, are you sure that the line 120 is the one you are trying to add? use the command "se: nu" on vi to check if the problem is not from another line just before or after, if it doesn't work ca you post all your sudoers file ?