I would like to allow my PHP script (hosted with apache2) to execute commands with another user account.
I don't want another website hosted on the server to be able to connect to that other user account.
If I add a rule in /etc/sudoers then it will allow any of the websites to use that user.
The solution I came up with was to use ssh, with a private key and public key. The PHP script launches an ssh connection with the server it is hosted on, on the desired user account.
Is there another way than my solution with ssh?
Best regards
Best Answer
My gut feeling tells me that what you're doing is a terrible idea. But actually you haven't given enough background on the reason why you'd want that and what the use case is to tell this really.
But your thought about sudo is wrong, whether this is a good idea or not. A sudoers entry is defined as:

Which means that the user USER is being allowed to run CMD as user RUNAS (if given). So you could construct your sudoers entry like this:

This will allow the user www-data on the host specified (or ALL if you give that as YOUR-HOSTNAME) to execute the program /path/to/command as user YOUR-USER without a password.

You can also supply ALL as command, allowing every command YOUR-USER has access to.

Example

With your given example values a sudoers line would consist of the following (assuming mydeployer as the hostname and thedeployer as the username):
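
The kind of entry described above, written out as an added example (it is not the answer's own code block, which did not survive on this page). The drop-in file name /etc/sudoers.d/deployer is an assumption; the values www-data, mydeployer, thedeployer and /path/to/command are the ones used in the answer.

```sudoers
# /etc/sudoers.d/deployer   (assumed file name; no dots in the name, mode 0440)
# Edit with:   visudo -f /etc/sudoers.d/deployer
# Check with:  visudo -cf /etc/sudoers.d/deployer
#
# General shape of a rule:
#   USER  HOST=(RUNAS)  NOPASSWD: CMD

# Narrow rule: www-data, on host mydeployer, may run exactly one program
# as thedeployer without a password. The trailing "" means the program
# may only be run with no arguments; drop it to allow any arguments.
www-data  mydeployer=(thedeployer)  NOPASSWD: /path/to/command ""

# Broad rule, shown commented out for contrast: ALL as the command lets
# www-data run anything thedeployer can run, which is equivalent to
# handing over the whole account.
# www-data  mydeployer=(thedeployer)  NOPASSWD: ALL

# The rule is keyed on the Unix account, so it applies to every process
# running as www-data, whichever site started it.
#
# Invocation from the web application (sudo -n fails instead of prompting
# if the rule does not match):
#   sudo -n -u thedeployer /path/to/command
#
# Review what the account is allowed to do (run as root):
#   sudo -l -U www-data
```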