LinuxQuestions.org - non-root user(s) access to modify and restart apache

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - non-root user(s) access to modify and restart apache (https://www.linuxquestions.org/questions/linux-security-4/non-root-user-s-access-to-modify-and-restart-apache-811210/)

fishjohn

05-31-2010 02:59 AM

non-root user(s) access to modify and restart apache

How could I give regular user(s) access to change httpd(apache) conf and restart apache? I dont want to give them root access.

Acctually giving access to change files is easy, I rather dont know whats the best and clearest way to give access to restart apache?

EricTRA

05-31-2010 03:08 AM

Hello,

On a file level you could use setfacl to give permission to a specific user to edit the file.
On the program level you can use sudo (if installed, if not install it) to provide a secure way to allow another user to restart apache. No need to give root access for neither of the things you want.

Kind regards,

Eric

anomie

06-01-2010 10:36 PM

You might create a script - e.g. /usr/local/bin/bounce-apache.sh - and make the necessary users sudoers to run only that command (and nothing else).

bounce-apache.sh could simply:

1. Check syntax:

Code:

apachectl -t

2. If the syntactical test went OK, gracefully restart Apache:

Code:

apachectl -k graceful

(Just one idea.)

All times are GMT -5. The time now is 02:27 PM.