Configuring sudo to work without password

Question

I'm trying to configure sudo to allow all users to restart apache without having to enter a password.

Security concerns aside, why isn't this working?

I added the line to /etc/sudoers: %admin ALL=NOPASSWD: /usr/sbin/apache2ctl

$sudo -l
User aidan may run the following commands on this host:
    (root) NOPASSWD: /usr/sbin/apache2ctl
    (ALL) ALL

$sudo /usr/sbin/apache2ctl
[sudo] password for aidan:

Thanks for any help.

In my testing on Ubuntu 9.10, this worked. Care to post your entire sudoers file (redactions allowed)? — Scott Pack, Apr 18 '10 at 13:39

Kyle Brandt · Accepted Answer · 2010-04-18T14:27:06.160

6

That should work fine assuming you put the %admin ALL=NOPASSWD: /usr/sbin/apache2ctl after the ALL rule and your goal is to have users of the admin group require a password for sudo for everything but the apache2ctl command.

What you probably want from what you said however is group of users that can start and stop apache, say apachestart. Then:

%apachestart ALL= NOPASSWD: /usr/sbin/apache2ctl

I think you might be able to make it truly everyone by replacing %apachestart with ALL, but I would recommend that even less.

edited Apr 18 '10 at 14:27

answered Apr 18 '10 at 14:15

Kyle Brandt

82,107
71
302
444

4

You only need to logout and login in this setup if you modify the groups of the logged-in user. (Actually, you don't even need to do that; you can use `newgrp` to change groups.) – MikeyB Apr 18 '10 at 14:30
Brilliant, thanks. I had it before the ALL rule. I didn't think it mattered because I could see my new rule in `sudo -l` – aidan Apr 20 '10 at 15:34

Configuring sudo to work without password

1 Answers1

Linked