CentOS – sudo: Apache restarting a service on CentOS


I need my web app to restart the dansguardian service (on CentOS), so it needs to run '/sbin/service dansguardian restart'.
I have a shell script in /home/topological called apacherestart.sh which does the following:

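/sbin/service dansguardian restart
r=$?       # capture the exit status of the restart
exit $r    # a script ends with 'exit'; 'return' only works in a function or sourced file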

This runs OK (there is a logger statement in the script for testing output to syslog, so I know it's running).
To make it run, I put this in /etc/sudoers:

User_Alias      APACHE=www
# Cmnd alias specification
Cmnd_Alias      HTTPRESTART=/home/topological/apacherestart.sh,/sbin/e-smith/db,/etc/rc7.d/S91dansguardian
# Defaults specification
# User privilege specification
root    ALL=(ALL) ALL

So far so good. But the service does not restart. To test this I created a user david, and fudged the uid/gid in /etc/passwd to be the same as www:

www:x:102:102:e-smith web server:/home/e-smith:/bin/false

Then I logged in as david and tried to run apacherestart.sh. The problem I get is:

/etc/rc7.d/S91dansguardian: line 51: /sbin/e-smith/db: Permission denied

even though S91dansguardian and db are in the sudoers command list.

Any ideas?

Best Answer

That doesn't look like a sudo error message to me -- it looks like a standard permissions message.

What are the permissions on /sbin/e-smith/db, and what is its shebang line (and that program's permissions), if it's a script?

Also, how are you calling the script? Just because it's mentioned in the sudoers list doesn't mean it's going to magically be special -- you actually need to call it via sudo.
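
The checks the answer asks for (the file's permissions, its shebang line, and the interpreter's permissions), as an added shell example that is not part of the original answer. The function name `diagnose_exec` and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: diagnose a plain "Permission denied" on a program or script.
# Run it as the account that hits the error, e.g.: diagnose_exec /sbin/e-smith/db
# Return codes (chosen for this example):
#   0 = runnable, 1 = missing, 2 = no execute permission for this user,
#   3 = shebang interpreter missing or not executable
diagnose_exec() {
    target=$1
    who="uid $(id -u)"
    if [ ! -e "$target" ]; then
        echo "$target: does not exist"
        return 1
    fi
    ls -ld "$target"                      # mode, owner and group of the file
    if [ ! -x "$target" ]; then
        echo "$target: not executable by $who"
        return 2
    fi
    [ -r "$target" ] || echo "note: $target is not readable by $who; a script must be readable by its interpreter"
    # A script is only runnable if the interpreter on its shebang line is too.
    if [ "$(head -c 2 "$target" 2>/dev/null)" = '#!' ]; then
        interp=$(head -n 1 "$target" | sed 's/^#![[:space:]]*//' | awk '{print $1}')
        echo "shebang interpreter: $interp"
        if [ ! -x "$interp" ]; then
            echo "$interp: missing or not executable by $who"
            return 3
        fi
        ls -ld "$interp"                  # interpreter's own permissions
    fi
    echo "$target: runnable by $who"
    return 0
}
```

A return code of 2 or 3 here points to file-system permissions rather than sudo, which matches the shape of the error message quoted in the question.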