I have a few scripts in a directory which I need www-data to run (from PHP) with root permissions. It seems like

    CMND_ALIAS= /path/to/script, /bin/sh
    www-data ALL=(ALL) NOPASSWD: CMND_ALIAS

gives www-data a little much freedom, since couldn't it execute any script using /bin/sh at that point? Yet, if I take /bin/sh off the alias, the scripts don't work. Does anyone know the proper way to specifically allow root access to ONLY a few scripts in /etc/sudoers?

Best Answer
Sounds like a job for Apache's "suexec"
http://httpd.apache.org/docs/current/suexec.html
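
A check for the concern raised in the question, as an added example (not code from the original post or answer): it parses a sudoers fragment and reports grants that resolve to a shell or other interpreter, which is what makes the /bin/sh entry broader than the scripts it was meant to cover. The alias names, the `deploy` user and the second script path are constructed for illustration.

```python
import re

# Programs that turn a single sudo grant into arbitrary command execution.
INTERPRETERS = {"sh", "bash", "dash", "zsh", "ksh", "python", "python3", "perl", "php", "env"}

# Constructed sample: the question's grant written in sudoers syntax, next to
# a narrower grant that names only scripts (all paths are placeholders).
SAMPLE = """\
Cmnd_Alias WEB_BROAD = /path/to/script, /bin/sh
Cmnd_Alias WEB_NARROW = /path/to/script, /path/to/other-script
www-data ALL=(ALL) NOPASSWD: WEB_BROAD
deploy ALL=(root) NOPASSWD: WEB_NARROW
"""

ALIAS_RE = re.compile(r"^Cmnd_Alias\s+([A-Z][A-Z0-9_]*)\s*=\s*(.+)$")
# user  host = (runas)  TAG: TAG:  command-list
SPEC_RE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?((?:[A-Z]+:\s*)*)(.+)$")

def split_commands(value):
    return [c.strip() for c in value.split(",") if c.strip()]

def audit_sudoers(text):
    """Return (user, command, reason) for every over-broad command grant."""
    aliases, findings = {}, []
    lines = [l.strip() for l in text.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    for line in lines:  # first pass: collect Cmnd_Alias definitions
        m = ALIAS_RE.match(line)
        if m:
            aliases[m.group(1)] = split_commands(m.group(2))
    for line in lines:  # second pass: expand each user specification
        if ALIAS_RE.match(line) or line.startswith("Defaults"):
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        user = m.group(1)
        for item in split_commands(m.group(3)):
            for cmd in aliases.get(item, [item]):
                binary = cmd.split()[0].rsplit("/", 1)[-1]
                if cmd == "ALL":
                    findings.append((user, cmd, "unrestricted"))
                elif binary in INTERPRETERS:
                    findings.append((user, cmd, "interpreter"))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```
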