Add NOPASSWD for a specific command


I know there are lots of other posts related to this question, but that's not a secure way to proceed. I initially added Defaults:apache !requiretty and set the path of the script.sh file that is run by the web user; this script.sh invokes another command that should run as the root user. Then I added the NOPASSWD like this:

apache ALL = (ALL) NOPASSWD:/home/app/admin/tomcat.sh start

It gave the following error:

sudo: >>> /etc/sudoers: syntax error near line 120 <<<
sudo: parse error in /etc/sudoers near line 120
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

Then I directly added the command that should run as the root user, and it became:

apache ALL = (ALL) NOPASSWD:/bin/su root -c /usr/share/apache-tomcat-7.0.61/bin/startup.sh

I also tried changing the command, e.g.:

apache ALL = (ALL) NOPASSWD:/usr/share/apache-tomcat-7.0.61/bin/shutdown.sh

Still the same (above) error. Although apache ALL=(ALL) NOPASSWD: ALL works well, there is a security issue.

So, how can I grant a user the access to run a specific command as root user?

1

There are 1 answers

1
sami slimani On

Your first line seems to work well; I tried it with no problem. Are you sure that line 120 is the one you are trying to add? Use the command ":se nu" in vi to check whether the problem comes from another line just before or after. If that doesn't work, can you post your whole sudoers file?
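
The check suggested in the answer (look at the reported line and the lines just before and after it) can be scripted. This is an added example, not part of the original answer: it pulls the line number out of sudo's parse error, prints that line with its neighbours, and runs visudo -c -f on the file when visudo is installed. The function names, the sample file and the error text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample file and error text are constructed.

# Pull the line number out of sudo's "near line N" parse-error message.
sudoers_error_line() {
    printf '%s\n' "$1" | sed -n 's/.*near line \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Show line N of a file plus one neighbour on each side, numbered like vi's ":se nu".
sudoers_context() {
    ctx_file=$1
    ctx_n=$2
    ctx_start=$((ctx_n - 1))
    [ "$ctx_start" -lt 1 ] && ctx_start=1
    awk -v s="$ctx_start" -v e="$((ctx_n + 1))" \
        'NR >= s && NR <= e { printf "%d: %s\n", NR, $0 }' "$ctx_file"
}

# Syntax-check a candidate file before it becomes live policy.
# Returns 0 = parses, 1 = rejected by visudo, 2 = visudo not installed.
sudoers_check() {
    command -v visudo >/dev/null 2>&1 || return 2
    visudo -c -f "$1" >/dev/null 2>&1 || return 1
    return 0
}

# Constructed stand-in for /etc/sudoers; the rules are the ones quoted in the question.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Defaults:apache !requiretty
# constructed comment line
apache ALL = (ALL) NOPASSWD:/home/app/admin/tomcat.sh start
EOF

# Constructed error text in the format shown in the question.
err='sudo: parse error in /etc/sudoers near line 3'
line=$(sudoers_error_line "$err")
echo "sudo reported line $line; that line and its neighbours:"
sudoers_context "$sample" "$line"

rc=0
sudoers_check "$sample" || rc=$?
echo "visudo check result: $rc (0 ok, 1 rejected, 2 visudo missing)"
rm -f "$sample"
```

Running the same check on a copy of the edited file before installing it keeps a syntax error from locking sudo out, which is the state the error in the question describes.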