LinuxQuestions.org


lexthoonen 12-16-2008 04:10 PM

how to make it possible for a non root user to restart the webserver
 
Hi, I don't know a lot about Linux, so I have to ask this, probably dumb, question:

I got an Ubuntu server - with isp config - running a few websites. Now, for some reason, the server keeps hanging. I've had people looking at it, and no one so far knows what the source of the problem(s) is.

Until that's solved, I'd like a person, not me, to be able to restart the web service. I have to do it quite a few times on busy days, and I either do it via putty or via isp config. In the latter, I log in as admin and via putty I log in as root.

Is there a way, for example, via a .sh script or so, that someone else might restart the web service? Someone, without root privileges?

Or can I make a new user and give that permission somehow, and preferably give him/her access without having to use putty?

Thanks!

gilead 12-16-2008 04:32 PM

I'd create another account and edit /etc/sudoers with visudo to only give that account sudo access to the web server startup script. This would require putty though as the user would need a shell to run the script.

As far as web based stuff goes, I haven't used anything like that for a while. Webmin is supposed to support Ubuntu and can control an Apache server so you may be able to use it.

lexthoonen 12-16-2008 06:57 PM

Quote:

Originally Posted by gilead (Post 3377849)
I'd create another account and edit /etc/sudoers with visudo to only give that account sudo access to the web server startup script.

First of all, thanks for your answer!
I know I'm asking quite a lot, but could you explain the steps you're referring to above in a bit more detail, as for dummies?

Thanks!

jschiwal 12-16-2008 07:28 PM

You should indicate which part you don't understand. Read the /etc/sudoers file. It is well commented.
The lines that begin with an octothorpe symbol (#) are comments as you probably know. Also, the visudo command on the server is what you use to edit the /etc/sudoers file. It will perform error detection and if you made a mistake editing the file, it will let you know and give you a menu option to continue editing.

Look at the example of giving members of the wheel group permission to use sudo. (note: Ubuntu uses the admin group instead) To use this line, remove the "# " from the beginning of the line. This however will allow any user to issue a root command. On some distros the user will need to know the root password. On others the user's own password will be asked for. If the latter is the case, comment out the "targetpw" entry.

Look at the example which gives users permission to mount a cdrom. You could use this line as a model and create a similar line that restarts the web server service instead.

Another option is to use ssh to issue the service restart command. After the username and host, you can add the command that you want run on the server. Only this command will be run, and the user issuing the command will not be operating in a shell. This can prevent errors and abuse.
example:
ssh username@host sudo service httpd restart
After authenticating, the single command is run.

It would be easiest if your remote client were a Linux machine. An alternative is to install "Cygwin", which will give you a bash shell and commands such as ssh, instead of stumbling along with putty. If you install Cygwin/X, you could even edit the config files in gedit or another graphical text editor that is installed on the server (provided X forwarding is enabled in your sshd_config file).

By the way, logging into the server as root is a bad idea. Especially if you use name/password authentication. This leaves the server open to brute force attacks from script kiddies. Unless you need a cron job to connect to the server automatically, you should log in as a regular user and then su to root or use sudo to execute administrative commands.
Even then you should look into setting up public key authentication. If you don't need automated ssh connections, then give the private key a strong pass phrase. This will require entering the passphrase to unlock the private key on the client.

Configuring Public Key Authentication
You will need to edit /etc/ssh/sshd_config on the server to disable root logins, password authentication and enable public key authentication. Also first you need to copy your client's public key to the authorized_keys file on the server. Read through the /etc/ssh/sshd_config file. Look at the line for "UsePAM". The paragraph of instructions above this line gives instructions on how to configure public key authentication. If you still use putty on the client, you can use putty's keygen program to generate a public/private key pair. Load in the key and it will display the openssh public key. Highlight the openssh public key and paste it into the server's authorized_keys file.

It would also be worthwhile reading through the manpages for ssh, sshd_config and ssh_config.

If your websites run on LAMP servers, be sure you check that the root user has a password and that the demo database that allows guest access is dropped. Since the server allows root ssh access, the MySQL server may not be hardened either. Downloading the MySQL manual from their website would be a good idea. It has a section on other security issues, such as making sure your scripts wrap user input inside single quotes to prevent SQL injection.

IMHO, anyone running a number of Linux servers should also at least run Linux at home to learn more about it.
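
An added example, not part of any post in this thread: a shell sketch of the two pieces discussed above, a sudoers rule limited to the web server restart and an authorized_keys entry that ties one public key to that single command. The account name webop, the service name apache2, the /usr/sbin/service path, the /etc/sudoers.d drop-in directory and the key shown are assumptions or placeholders.

```shell
#!/bin/sh
# Constructed example. Account name, service name and paths are assumptions.
RESTART_CMD="/usr/sbin/service apache2 restart"
NL='
'
# Accept only plain account names so a crafted value cannot add sudoers
# syntax (commas, "ALL", spaces) to the generated rule.
valid_user() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# sudoers matches listed arguments exactly, so this rule permits the restart
# and refuses e.g. "service apache2 stop" or "service ssh restart".
# NOPASSWD lets the command run without a terminal; drop it to keep the prompt.
sudoers_rule() {
    valid_user "$1" || { echo "invalid user name" >&2; return 1; }
    printf '%s ALL=(root) NOPASSWD: %s\n' "$1" "$RESTART_CMD"
}

# authorized_keys entry: "restrict" turns off PTY and forwarding, and
# command= makes sshd run the restart whatever the client asks for.
# Only a bare single-line public key is accepted (no pre-existing options).
authorized_keys_line() {
    case "$1" in
        *"$NL"*) return 1 ;;
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) return 1 ;;
    esac
    printf 'restrict,command="sudo -n %s" %s\n' "$RESTART_CMD" "$1"
}

# Run as root: syntax-check the rule with visudo before it goes live, so a
# typo cannot break sudo. Assumes /etc/sudoers includes /etc/sudoers.d.
install_rule() {
    tmp=$(mktemp) || return 1
    if sudoers_rule "$1" > "$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/webrestart-$1"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Print both entries for a hypothetical account and a placeholder key.
sudoers_rule webop
authorized_keys_line "ssh-ed25519 AAAAC3PLACEHOLDERKEY webop@laptop"
```

The second printed line goes into ~/.ssh/authorized_keys of the restricted account; install_rule is defined but not called here because it writes under /etc.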


All times are GMT -5.