I can't make partial sudo account work on ubuntu server 10.04
The title might not be explanatory enough but I couldn't find any better way to formulate it. I will be running a server for office use. It will host applications on tomcat. 2 differents people would be deploying the application they are working on (office policy, all developers should be familiar with it).
I know there is ACL module at HDD level but I think it would be an overkill to do that for this purpose. Beside its usage is not so clear to me as I would want to use it in a a way where I could list allowed actions like listed below , allowed for an user or group as opposed to listing the users/groups who are allowed for a particular resource/script etc.
I would like to create a group which would be giving a particular set of privileges such as:
create a folder in /opt/tomcat*/webapps * there could be different instances
start/stop/restart a particular tomcat servive example service tomcat-1 start
start/stop/reload/restart apache2 for reverse proxy purpose
edit /etc/apache2/sites-available for reverse proxy purpose
activate/deactivate sites using a2ensite or a2dissite
I created the users user1, user2, user3 and added them to the group deployers. All tomcat instances created with tomcat-user are inside /opt/tomcat7/ so I changed the user ownership of the folder to tomcat7 and the group owner ship to deployers and chmod to 775. I have made a copy of /etc/init.d/tomcat7 to suit each of my instances and added them to update-rc.d. with visudo I have created DEPLOYERS Cmnd_Alias and configured it as shown below:
Cmnd_Alias DEPLOYERS= /etc/init.d/tomcat_instance_1,/etc/init.d/tomcat_instance_2,/sbin/sh,/usr/bin/service
%deployers ALL=(ALL) DEPLOYERS
I have logged in with user1 credentials and I still can't run /etc/init.d/tomcat_instance_1 start because it says "You need root privileges ...".
Can anyone help with what I am not doing right?
|