Old 12-04-2008, 10:35 AM   #1
Registered: Sep 2006
Distribution: Fedora 8, RHEL 5
Posts: 62

Help with sudo and sudoers

My understanding of sudo is that it is used to allow you to perform a task as if you were the root user. So a file like this one:

-rw-r--r-- 1 root root 20 Dec 3 18:27 /etc/resolv.conf

which has rw permissions for root only, if I wanted to modify that file I would need to do something like:

$ sudo echo 'nameserver' > resolv.conf

After which I would be prompted for my creds and I would be allowed to overwrite the file even though my user has no explicit permissions to do so.

Similarly, if I want to be able to do this non-interactively, say in a php script through apache, I need to have a line similar to this one in the sudoers file:

apache ALL= NOPASSWD: /usr/sbin/netconfig, /bin/rm, /sbin/service, /bin/echo

This is my understanding anyway. The problem I am running into is that my php script is not working for the echo command. However, there are two undesirable workarounds I can do to make it work:

1. chown apache.apache /etc/resolv.conf

2. chmod 666 /etc/resolv.conf

I don't like either solution, even though I have tested them both and they do indeed mitigate the problem I am having. I would rather get the sudo command working as it should. Does anyone here have any suggestions?
Old 12-04-2008, 09:41 PM   #2
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

IMO the traditional Unix way to do this would be to change the group ownership of the file to apache leaving the user ownership as root. There is absolutely nothing wrong with this solution. Also, it is much better than setting NOPASSWD on any user account in the sudoers file. I agree that changing the permissions to 666 is not acceptable.
chgrp apache /etc/resolv.conf
Old 12-06-2008, 11:51 AM   #3
Registered: Sep 2006
Distribution: Fedora 8, RHEL 5
Posts: 62

Original Poster
Thanks for the tip, that's a very good way to go about it. What I decided to do in the end was rearrange the command that modifies the file. What I was doing was trying to sudo echo, which is clearly wrong since that is not a command that is restricted to root. Anyone can echo. However, my thinking was that if I echoed as root I'd be able to modify the file. This wasn't working so I did this instead, at the advice of someone over at the Ubuntu forums:

echo 'nameserver' | sudo tee /etc/resolv.conf

I like your idea of changing the group ownership though.
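
Added example, not part of the thread: in `sudo echo ... > file` the redirection is opened by the calling (unprivileged) shell before sudo runs, which is why `sudo tee` works. One way to keep that fix without giving apache NOPASSWD on general tools like /bin/echo and /bin/rm is a single root-owned helper that validates its argument and opens the file itself. The helper path, the sudoers line and the sample address 192.0.2.53 are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helper, assumed installed root-owned at /usr/local/sbin/set-nameserver.
# Assumed sudoers entry (replaces the echo/rm/service list for this task):
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/set-nameserver
# The PHP side would then run: sudo /usr/local/sbin/set-nameserver 192.0.2.53

# Succeed only for a dotted-quad IPv4 address, octets 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # empty, stray characters, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # intentional word splitting on "."
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Overwrite the target with one "nameserver" line, as the tee command does.
# The redirection is opened by this process, so under sudo it is opened as root.
set_nameserver() {
    target=$1
    ip=$2
    if ! is_ipv4 "$ip"; then
        echo "set-nameserver: refusing invalid address" >&2
        return 2
    fi
    printf 'nameserver %s\n' "$ip" > "$target"
}

# Entry point: exactly one argument, fixed target path (never caller-supplied).
# With no argument the file only defines the functions, so it can be sourced.
if [ "$#" -eq 1 ]; then
    set_nameserver /etc/resolv.conf "$1"
    exit $?
fi
```

Because the target path is fixed inside the helper and the address is validated before any write, the web-facing account can change only that one line of that one file.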


All times are GMT -5.
