willie0-360

Centos 7 User to Start Apache, MariaDB, LDAP

Hello Experts:

I am setting up a CentOS 7 box.  I need to have users apache, mysql, and ldap be able to restart, stop, start the HTTPD, MariaDB, and openldap on this server.  Also, I need these users to edit their respective configuration files.

Let us say I log in as user barry.  I should be able to sudo to either the apache user, the mysql user, or the ldap user to do the tasks above.

This is what I have in my /etc/sudoers file, but I can only get to change from user barry to either user apache, ldap or mysql, but I cannot run any of the commands:

For HTTPD:

User_Alias WEBUSER_USERS = barry
Host_Alias WEBSERVER01 = server01
Cmnd_Alias SERVICE_HTTPD = /sbin/systemctl start httpd, /sbin/systemclt status -l httpd, \
/sbin/systemctl stop httpd, /sbin/systemctl restart httpd, /bin/systemctl start httpd, \
/bin/systemctl status httpd, /bin/systemctl stop httpd, /bin/systemctl restart httpd
Cmnd_Alias SUAPACHE = /usr/bin/sudo apache, /usr/bin/sudo - apache,/bin/su - apache, /bin/su apache

Cmnd_Alias SUCOPY = /usr/bin/cp
Cmnd_Alias SUVIMHTTPD = /bin/vim

WEBUSER_USERS WEBSERVER01 = SERVICE_HTTPD
WEBUSER_USERS WEBSERVER01 = SUAPACHE,SUCOPY,SUVIMHTTPD


For LDAP:

User_Alias LDAPUSER_USERS = barry
Host_Alias LDAPSERVER01 = SERVER01
Cmnd_Alias SERVICE_SLAPD = /sbin/systemctl start slapd, /sbin/systemclt status -l slapd, /sbin/systemctl stop slapd, /sbin/systemctl restart slapd, /bin/systemctl start slapd, /bin/systemctl status slapd, /bin/systemctl stop slapd, /bin/systemctl restart slapd
Cmnd_Alias SULAPD = /usr/bin/sudo ldap, /usr/bin/sudo - ldap,/bin/su - ldap, /bin/su ldap


LDAPUSER_USERS LDAPSERVER01 = SERVICE_SLAPD
LDAPUSER_USERS LDAPSERVER01 = SULAPD

Dave Baldwin

Standard practice is to only allow 'root' to do those things.
willie0-360

ASKER

This is something I learned how to do on CentOS 5/6 from senior Linux admins.  I need some users to be able to become the apache, mysql, and ldap users, depending on the need, but I am not getting it right on CentOS 7.

We are trying to keep people from having to do sudo to become root.

Thanks.
SOLUTION
Dave Baldwin
ASKER CERTIFIED SOLUTION
Thanks for your comments.  We are using root to run these services.
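
An added example, not part of the thread or any poster's configuration: a sudoers drop-in that lets barry control the three units and edit their main config files without a root shell. On CentOS 7, start/stop/restart requests go to systemd and need root (or a polkit rule), so switching to the apache, mysql or ldap account does not by itself permit them. The file name, binary path, unit names and config paths below are assumptions based on CentOS 7 package defaults.

```sudoers
# /etc/sudoers.d/service-admins -- constructed example, not from the thread.
# Check syntax before installing:  visudo -cf /etc/sudoers.d/service-admins
# Assumptions: /usr/bin/systemctl is the binary path (confirm with
# `command -v systemctl`); unit names and config paths are CentOS 7
# package defaults and may differ on your host.

User_Alias SVC_ADMINS = barry
Host_Alias SERVER01   = server01

# Weak form, as posted in the question: run as root, no argument restriction.
# An editor or cp granted this way can read or overwrite any file on the box,
# so it is equivalent to handing out full root.
#   Cmnd_Alias SUCOPY     = /usr/bin/cp
#   Cmnd_Alias SUVIMHTTPD = /bin/vim

# Service control: exact argument lists only, one alias per daemon.
# "status" is left out on purpose: it works without sudo, and running it
# through sudo would start a pager as root.
Cmnd_Alias SVC_HTTPD   = /usr/bin/systemctl start httpd, \
                         /usr/bin/systemctl stop httpd, \
                         /usr/bin/systemctl restart httpd
Cmnd_Alias SVC_MARIADB = /usr/bin/systemctl start mariadb, \
                         /usr/bin/systemctl stop mariadb, \
                         /usr/bin/systemctl restart mariadb
Cmnd_Alias SVC_SLAPD   = /usr/bin/systemctl start slapd, \
                         /usr/bin/systemctl stop slapd, \
                         /usr/bin/systemctl restart slapd

# Config editing: sudoedit copies the file, runs the editor as the invoking
# user, then writes the result back, so the editor never runs as root.
# List exact files; avoid wildcards.
Cmnd_Alias EDIT_HTTPD   = sudoedit /etc/httpd/conf/httpd.conf
Cmnd_Alias EDIT_MARIADB = sudoedit /etc/my.cnf
Cmnd_Alias EDIT_SLAPD   = sudoedit /etc/sysconfig/slapd

SVC_ADMINS SERVER01 = (root) SVC_HTTPD, SVC_MARIADB, SVC_SLAPD
SVC_ADMINS SERVER01 = (root) EDIT_HTTPD, EDIT_MARIADB, EDIT_SLAPD
```

With this in place barry runs `sudo systemctl restart httpd` or `sudoedit /etc/httpd/conf/httpd.conf` directly, and `sudo -l` lists exactly what has been delegated.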