Sudoers syntax to run shell script as php user

sudo

I want to run

  • a shell script restore
  • as postgres user
  • from php script (the user name is php)
  • using sudo (so password is not required)

the script will have few lines of code, something like

dropdb <database name>
psql -c "create database <database name> with encoding 'unicode';" -U edutemplate1
psql -d <database name> -f edu.hourly.sql
  • what would be the sudo command syntax to run the script restore

  • what would be the sudoers syntax to allow php user to run restore script as postgres user?

  • Sudo version 1.7.2p7

  • Linux testing 2.6.34-12-desktop #1 SMP PREEMPT 2010-06-29 02:39:08 +0200 x86_64 x86_64 x86_64 GNU/Linux

UPDATE

the first part of the question was already answered on SO sudoers-syntax-to-run-shell-script-as-php-user

UPDATE2

I added php ALL=(postgres) NOPASSWD: /usr/bin/id to /etc/sudoers and then did su php and then sudo -su postgres /usr/bin/id but I am asked for postgres' password. If I issue the same sudo command under the user root I will get correct output 'uid=26(postgres) gid=26(postgres) groups=26(postgres)'

UPDATE3

updating sudoers to php ALL=(postgres) NOPASSWD: ALL makes it work …

Best Answer

See also this answer for a similar scenario.

This goes in /etc/sudoers:

php ALL=(postgres) NOPASSWD: /the/restore/script

And you make php issue a command like this: sudo -u postgres /the/restore/script

Related Topic