Tomcat – What to change in /etc/sudoers to allow restarting service

sudotomcat

I want an unprivileged user to be able to restart tomcat on my server. So I edited /etc/sudoers as follows

username  ALL=/etc/init.d/tomcat6

However, when the user runs /etc/init.d/tomcat6 restart he gets this error:

Starting tomcat server...
 touch: cannot touch `/var/tomcat6/logs/catalina.out': Permission denied
/var/tomcat6/bin/catalina.sh: line 314: /var/tomcat6/logs/catalina.out: Permission denied

How do I allow this user to run tomcat without giving him write permission on the log file /var/tomcat6/logs/catalina.out ?

[root@jsp1 ~]# ll /var/tomcat6/logs/catalina.out
-rw-r--r-- 1 root root 272669097 Feb 27 21:50 /var/tomcat6/logs/catalina.out

Best Answer

Make sure to actually run the command with sudo when you try it.

Related Solutions

Scripts That Need (some) Root Access

Did you ever looked into things like capistrano, puppet, ansible or chef for your tasks?

You don't mention what's the scope of you work is, so I have no idea if they are of any use to you.

I would avoid "suid" at any cost. There is no point of using it having sudo installed, which seems to be the best choice for your requirements of running commands with different permissions/user ids ('sudo -u user2 command2', etc) .

Also you might want to run some sudo commands password-less as permitted commands in you key-based ssh session (ssh sshkeyaccessonlyuser@yourhost 'sudo command'). This can take care of the caching problem if you don't want to have longer password caches in sudo, and your script will not finish running a sudo command in time.

Ubuntu /etc/sudoers problem

You need to log in as root, because you will not be able to use sudo until you fixed it. If you have set a root password, type su and go ahead. If not, you need some kind of rescue system or the possibility to change the kernel parameters in grub.

Are you able to boot into a rescue system? Then mount your root filesystem somewhere and change the permissions of the file to 0440.

Are you able to change the kernel options? then add init=/bin/sh to it and boot. When the prompt appears, change your password like this:

# mount -o remount,rw /
# passwd
  [...]
# mount -o remount,ro /
# reboot

Then boot up your server and get root with su. Disable the root password afterwards

A third option would be to use security leaks in your system to become root. But I can't and don't want to help you there

Best Answer

Related Solutions

Scripts That Need (some) Root Access

Ubuntu /etc/sudoers problem

Related Topic