AIX - Sudo rule setup to start/stop apache

AIX25
/usr/local/apache/ is the path of Apache. It is currently owned by root. Please help me set up a sudo rule to start and stop apache for specific users.
Most Valuable Expert 2013
Top Expert 2013
Commented:
Cmnd_Alias APACHE=/usr/local/apache/bin/apachectl start, /usr/local/apache/bin/apachectl stop
username ALL=APACHE
%groupname ALL=APACHE

or, to remove the requirement to enter one's own password:

username ALL=NOPASSWD:APACHE
%groupname ALL=NOPASSWD:APACHE

Add the above to the sudoers file by means of "visudo" (basically a "vi" wrapper),

then your users can run

sudo /usr/local/apache/bin/apachectl start
sudo /usr/local/apache/bin/apachectl stop

on behalf of root.

Author

Commented:
For example, I need to add about 3 users to be able to run this sudo rule, i.e. user1, user2, and user3, and then a separate group called apacheapp. How would this look?
Most Valuable Expert 2013
Top Expert 2013
Commented:
User_Alias CHIEFTAINS=user1, user2, user3, %apacheapp
Cmnd_Alias APACHE=/usr/local/apache/bin/apachectl start, /usr/local/apache/bin/apachectl stop
CHIEFTAINS ALL=NOPASSWD:APACHE
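
An added example, not part of the thread or of the expert's answer: since the rule above lets the listed users run apachectl as root without a password, this check confirms that every Cmnd_Alias entry keeps an explicit argument and that the script and its directory are root-owned and not group- or world-writable. The function names audit_cmnd_alias and check_path and the finding labels are made up for this sketch; it inspects only the file and its immediate directory.

```shell
#!/bin/sh
# Added example (not from the thread): audit the commands a sudoers fragment delegates.
# Usage: audit_cmnd_alias FRAGMENT [EXPECTED_OWNER]   (owner defaults to root)
# Prints one finding per line; return status is 0 when clean, 1 otherwise.

# check_path PATH OWNER: flag a wrong owner or group/other write permission
check_path() {
    p=$1; want=$2
    [ -e "$p" ] || { echo "MISSING $p"; return 1; }
    set -- $(ls -ld "$p")            # $1 = mode string, $3 = owner
    rc=0
    [ "$3" = "$want" ] || { echo "OWNER $p is owned by $3, expected $want"; rc=1; }
    case $1 in
        ?????w*|????????w*) echo "WRITABLE $p mode $1"; rc=1 ;;
    esac
    return $rc
}

audit_cmnd_alias() {
    frag=$1; owner=${2:-root}; bad=0
    # Right-hand side of every Cmnd_Alias line, split into one command per line
    cmds=$(sed -n 's/^Cmnd_Alias[[:space:]]*[A-Za-z0-9_]*[[:space:]]*=//p' "$frag" | tr ',' '\n')
    while read -r path args; do
        [ -n "$path" ] || continue
        case $path in
            /*) ;;
            *) echo "RELATIVE $path"; bad=1; continue ;;
        esac
        # A sudoers command listed without arguments may be run with any arguments
        [ -n "$args" ] || { echo "ANYARGS $path"; bad=1; }
        check_path "$path" "$owner" || bad=1
        check_path "$(dirname "$path")" "$owner" || bad=1
    done <<EOF
$cmds
EOF
    return $bad
}
```

Run it against a copy of the fragment before installing it with visudo, for example `audit_cmnd_alias /tmp/apache.sudoers`, where the file name is a placeholder.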
Author

Commented:
Ok, I will test it. What was the percent sign before the groupname for?

Author

Commented:
I can still stop and start apache with no issues using root. But when I "su - user1" and try to run /usr/local/bin/apachectl start, I get the following error:

servername:/home/user1> /usr/local/apache/bin/apachectl start
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
servername:/home/user1>
Most Valuable Expert 2013
Top Expert 2013

Commented:
1) The percent sign indicates a Unix group instead of a userid.

2) How should the shell know about sudo? In my first comment I already wrote that your users must run:

sudo /usr/local/....

Author

Commented:
Oops, that is my mistake... I forgot to use sudo.
Most Valuable Expert 2013
Top Expert 2013

Commented:
Don't worry! I saw this same mistake being made a hundred times here at EE ...
