CentOSThis forum is for the discussion of CentOS Linux. Note: This forum does not have any official participation.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I installed a program named IntelMQ, here it is all the steps that I made to install it in a CentOS 7https://github.com/certtools/intelmq/issues/981. During the installation two users are created: intelmq and apache.
The user apache is part of the GUI of the IntelMQ program and it has to execute commands as the user intelmq.
Basically, I can start the IntelMQ bots on the GUI, however I can't stop them. Probably is due to permission problems.
In the command line if I try to execute this command as the user apache it returns this:
Sorry, user apache is not allowed to execute '/bin/sudo -u intelmq /usr/bin/intelmqctl --type json stop abusech-domain-parser' as apache on localhost.localdomain
I do not really understand why do you need double sudo.
Probably it can work without sudo -u apache too.
Also it is not related to centos at all.
I do not really know which user is allowed to execute /usr/bin/intelmqctl.
Finally I think you need to configure the sudoers, see visudo
I already configured the sudoers file through visudo and that didn't solve my problem. I know this issue is not 100% related to CentOS, but in IntelMQ GitHub they weren't able to help me, because they are not familiarized with this OS.
It's still not an OS issue but one of configuring /etc/sudoers properly. Why does it have to be just the account "apache" that should be able to launch /usr/bin/intelmqctl as as the account "intelmq" ?
The user apache gives access to the web interface of intelmq, and to execute any commands in the web interface, apache needs to run them as the user intelmq.
I added this line to the sudoers file: apache ALL=(intelmq) NOPASSWD: /usr/bin/intelmqctl
Is there a possibility that maybe my sudo is broken, and maybe that's why I can't execute the commands?
I'm really sorry to bother you guys with a subject that is not related to the OS 100%, but I don't know anywhere else to ask help.
This line in the /etc/sudoers raises a JSON error in IntelMQ's web interface...
Anyway, thank you very much for your help. I will try to talk again with the IntelMQ team, because this is something related to the program and not the OS itself.
This line in the /etc/sudoers raises a JSON error in IntelMQ's web interface...
Does it work manually from the shell?
Quote:
Originally Posted by mf370
Anyway, thank you very much for your help. I will try to talk again with the IntelMQ team, because this is something related to the program and not the OS itself.
Once again, thank you!
There's a server subforum here. I think that's what was being referred to.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.