1

I have an issue trying to execute a command through my webserver.

What I have and what I want to achieve: I run an Apache2 webserver with group www-data (which is not a sudoer). A script which runs on the webserver should execute a command as a specific user (PHP script using "passthru").

I found out that a possible way would be to allow the group www-data to execute specific commands as sudo (also without to require a password). But I need the root privilige to run the command as a different user. Is that even possible to add as a command alias?

On top I also need to be able to pass command line parameters / arguments to the command. As a side note: one of the arguments is also a -uoption.

Is there a (better) way to achieve this? That is, because it is only one command:

sudo -u myuser -c "MY_COMMAND WITH CHANGING ARGUMENTS"

The alternative I would know of, is to use sucommand. But in that case I would need a "hack" to enter the password as the script should be executed by the server without the help of a user.

Andreas
  • 121

1 Answers1

1

I must have overlooked the obvious answer.

Adding to sudoers "source" and target user (the user on which behalf the command should get executed) with specifying the path to the program. In my case using the group instead of the user.

www-data ALL = (mytargetuser) NOPASSWD: /path/to/my/program

Solution described in this answer: https://unix.stackexchange.com/a/13058

Andreas
  • 121