Hey guys, I need to give the 'nobody' user (which is what our apache runs as) no password access to a file, via sudo. This is what I've tried: nobody ALL=(ALL) NOPASSWD: /var/www/qa/launchpadnew/site/ftp_check.php But if I become the nobody user and try to access the file, it tries to prompt me for a password: -bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php [sudo] password for nobody: Can someone please point out for me where I'm going wrong? Cuz I don't see it!! Thanks ! :) Tim -- GPG me!! gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
try "sudo php /var/www/qa/launchpadnew/site/ftp_check.php" and "sudo /var/www/qa/launchpadnew/site/ftp_check.php" You're giving the user the ability to run /var/www/qa/launchpadnew/site/ftp_check.php but not necessarily php. Your script might not need it, so try it each way. And, since you're using sudo, you need to call "sudo" before the command. On Tue, Feb 3, 2015 at 5:32 PM, Tim Dunphy <bluethundr at gmail.com> wrote:> Hey guys, > > I need to give the 'nobody' user (which is what our apache runs as) no > password access to a file, via sudo. This is what I've tried: > > nobody ALL=(ALL) NOPASSWD: > /var/www/qa/launchpadnew/site/ftp_check.php > > But if I become the nobody user and try to access the file, it tries to > prompt me for a password: > > -bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php > [sudo] password for nobody: > > Can someone please point out for me where I'm going wrong? Cuz I don't see > it!! > > Thanks ! :) > > Tim > > > > > > -- > GPG me!! > > gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >
On Tue, February 3, 2015 4:32 pm, Tim Dunphy wrote:> Hey guys, > > I need to give the 'nobody' user (which is what our apache runs as) no > password access to a file, via sudo. This is what I've tried: > > nobody ALL=(ALL) NOPASSWD: > /var/www/qa/launchpadnew/site/ftp_check.php > > But if I become the nobody user and try to access the file, it tries to > prompt me for a password: > > -bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php > [sudo] password for nobody: > > Can someone please point out for me where I'm going wrong? Cuz I don't see > it!! >This whole thing sounds scary... Is there really no other (less scary) way to achieve what you want to achieve? Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On 2/3/2015 2:32 PM, Tim Dunphy wrote:> -bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php > [sudo] password for nobody:where did sudo even come into this picture? does this ftp_check.php script fork a shell with sudo or something? sounds like a VERY bad way of doing whatever it is you're trying to do. -- john r pierce 37N 122W somewhere on the middle of the left coast
Hi, On Wed, Feb 4, 2015 at 4:57 AM, John R Pierce <pierce at hogranch.com> wrote:> On 2/3/2015 2:32 PM, Tim Dunphy wrote: > >> -bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php >> [sudo] password for nobody: >> >In sudoers file, you have to provide the whole path of the "php" command to execute any php file.> > where did sudo even come into this picture? > > does this ftp_check.php script fork a shell with sudo or something? > > sounds like a VERY bad way of doing whatever it is you're trying to do. >I agree with John here. You should use better method to do this. --Regards Ashishkumar S. Yadav
Tim Dunphy writes:> Hey guys, > > I need to give the 'nobody' user (which is what our apache runs as) no > password access to a file, via sudo. This is what I've tried:In addition to all other comments so far, 'nobody' is a bad choice for httpd. If this is your distro's default, it's a bad one. It is better to create a dedicated user that is guaranteed to be used only as configured by you.