srodden
asked on
Editing sudoers with a script
Hi folks,
I'm creating a bash script that will prepare a vanilla Ubuntu server for a custom web app. I need to add www-data to the sudoers file for later automation purposes.
I had hoped that the following would work but with hindsight, it's clear that doing it via sudo isn't going to work!
sudo chmod 640 /etc/sudoers
sudo echo "www-data ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
sudo chmod 440 /etc/sudoers
Can anyone suggest a way for me to automate the editing of sudoers? The less I need the user to perform manually, the better.
As a second request, can anyone suggest how to tighten the sudo entry for my needs? I have a Perl script that is doing "sudo service myapp stop" so all www-data really needs is the ability to start and stop a single service.
Thanks,
Sean
Oops, BitFreeze told more or less the same as I did while I was typing my answer.
ASKER
Thanks guys. I have restricted sudo rights for www-admin to the scripts in question but I couldn't easily find an elegant way to automate it when logged in as a non-root user. They'll just have to do it manually and use the script for the rest. Thanks for your feedback.
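One way to automate both requests from the question, as an added example that is not part of the original thread: write a drop-in rule limited to starting and stopping myapp, syntax-check it with visudo, and only then install it with mode 0440. The path /usr/sbin/service, the file name www-data-myapp and the VISUDO override variable are assumptions made for this example.

```bash
#!/bin/sh
# Added example, not code from the thread. Assumed names: SERVICE_BIN path,
# RULE_NAME, and the VISUDO override used to swap in another checker.

SERVICE_BIN=/usr/sbin/service   # assumed location of the service wrapper
APP=myapp                       # service name taken from the question
RULE_NAME=www-data-myapp        # no '.' and no trailing '~', or sudo skips it

# Print the restricted rule: www-data may start or stop one service as root,
# instead of the blanket "ALL=(ALL) NOPASSWD:ALL" entry.
sudoers_rule() {
    printf 'www-data ALL=(root) NOPASSWD: %s %s start, %s %s stop\n' \
        "$SERVICE_BIN" "$APP" "$SERVICE_BIN" "$APP"
}

# Validate the rule in a temp file, then install it.
# $1 = target directory (default /etc/sudoers.d). Non-zero return on failure.
# The body runs in a subshell so the temp file and trap stay local.
install_sudoers_rule() (
    dir=${1:-/etc/sudoers.d}
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    sudoers_rule > "$tmp"
    # visudo -c -f parses the file without installing it; if the check fails
    # (or visudo is missing) nothing is written to the target directory.
    "${VISUDO:-visudo}" -cf "$tmp" >/dev/null 2>&1 || exit 1
    # install copies and sets mode 0440 in one step; no chmod on /etc/sudoers.
    install -m 0440 "$tmp" "$dir/$RULE_NAME"
)
```

Call install_sudoers_rule from a provisioning script that is itself started with sudo. The `sudo echo ... >> /etc/sudoers` form in the question fails because the `>>` redirection is opened by the calling, unprivileged shell rather than by the command sudo runs.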