Ubuntu, apache - sudoers problem

0

I need to execute a script via php (php5.xx), server running apache2 (Ubuntu 10.04). The script needs to be executed as another user.

I added following lines to /etc/sudoers file:

Cmnd_Alias SECURE_SVN_UPDATE = /path_to_script/just_svn_update.sh
#www-data ALL=(ALL,!root,!#0) NOPASSWD: SECURE_SVN_UPDATE
www-data ALL=(ALL) NOPASSWD: SECURE_SVN_UPDATE

(I tried both lines)

And in PHP, I call

exec("sudo -u theuser SECURE_SVN_UPDATE")

I get the error

sudo: no tty present and no askpass program specified

I tried setting

Defaults visiblepw

in the sudoers file, but after that, running the command from PHP gives error:

sudo: 3 incorrect password attempts.

Can someone please tell me how to fix this OR a method to achieve it without compromising security. (I want apache to be able to execute just that script as another user, nothing else).

tanon

Posted 2011-08-31T08:09:58.793

Reputation: 21

Answers

0

Rather then trying to sudo execute a file, why not have an apache running for a particular virtual host as a user that you want to have the privilege to update the source code you are trying to pull down?

This link refers to the way of setting the user http://httpd.apache.org/docs/current/mod/mpm_common.html#user

Secondly if I understand correctly what you are trying to do is: You have a webserver remotely. You want to log in and have it pull the updated code from SVN. Normally the methods for deployment require a more hands on approach like rsync, FTP, or SFTP/SCP push .

Karlson

Posted 2011-08-31T08:09:58.793

Reputation: 2 163

Asked: 2011-08-31T08:09:58.793

Viewed: 841 times

Active: 2011-12-03T03:32:54.147