I'm trying to prevent a password prompt on a command that runs node as the www user by adding the following line to the bottom of my /etc/sudoers file:
gituser ALL=(ALL) NOPASSWD: /usr/bin/sudo -u web-user NODE_ENV=production /path/to/node app.js
I also tried putting the command in a shell script and running that but no joy either:
gituser ALL=(root) NOPASSWD: /usr/local/sbin/startnode
Does anyone have any ideas on what I'm doing wrong?
Ultimately I'll be running this as an upstart service so the command will be "sudo service runnode stop/start" and triggered from a git hook but I guess the principle will be the same.
FYI, full contents of sudoers file:
Defaults env_reset
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Defaults
root ALL=(ALL:ALL) ALL
%admin ALL=(ALL) ALL
%sudo ALL=(ALL) ALL
gituser ALL=(ALL) NOPASSWD: /usr/bin/sudo -u web-user NODE_ENV=production /path/to/node app.js
gituser ALL=(root) NOPASSWD: /usr/local/sbin/startnode
Best Answer
Thanks everyone for your answers. I managed to get it working in the end with the help of this post by doing the following:
1. Using Separate Script
Add this line to sudoers file (using visudo).
Contents of file /usr/local/sbin/startnode changed to following:
This will now work:
2. Using the full command
Add this line to sudoers file (using visudo).
Trying to set an env variable as part of the command causes it to fail.
The solution: you have to set this env var in web-user's .bashrc file or /etc/environment.