Php – How to edit /etc/sudoers to allow a user to run specific shell scripts

Did you ever looked into things like capistrano, puppet, ansible or chef for your tasks?

You don't mention what's the scope of you work is, so I have no idea if they are of any use to you.

I would avoid "suid" at any cost. There is no point of using it having sudo installed, which seems to be the best choice for your requirements of running commands with different permissions/user ids ('sudo -u user2 command2', etc) .

Also you might want to run some sudo commands password-less as permitted commands in you key-based ssh session (ssh sshkeyaccessonlyuser@yourhost 'sudo command'). This can take care of the caching problem if you don't want to have longer password caches in sudo, and your script will not finish running a sudo command in time.

After more research it seems like another (possibly better way) to answer this would be to setup the www folder like so.

1. sudo usermod -a -G developer user1 (add each user to developer group)
2. sudo chgrp -R developer /var/www/site.com/ so that developers can work in there
3. sudo chmod -R 2774 /var/www/site.com/ so that only developers can create/edit files (other/world can read)
4. sudo chgrp -R www-data /var/www/site.com/uploads so that www-data (apache/nginx) can create uploads.

Since git runs as whatever user is calling it, then as long as the user is in the "developer" group they should be able to create folders, edit PHP files, and manage the git repository.

Note: In step (3): '2' in 2774 means to 'set Group ID' for the directory. This causes new files and sub directories created within it to inherit the group ID of the parent directory (instead of the primary group of the user) Reference: http://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories