I have got my webserver application starting on boot using upstart. This is the upstart script:
# web app node upstart file at /etc/init/webapp.conf
description "web application"
start on started mongodb
stop on runlevel [06]
respawn
respawn limit 10 100
env NODE_ENV=production
pre-start script
ulimit -n 2048
end script
exec start-stop-daemon --start -c mainuser --exec /usr/bin/make -- -C /home/mainuser/app start-prod
This works flawlessly on Ubuntu server 10.04 LTS and I'm very happy about it.
However, I have a deployment shell script which logs in using SSH as mainuser (this is not a sudoer) and will then update the working directory to the latest deployment version.
The issue here is that the service needs to be restarted so that the applications loads the new source files. However, mainuser gets a…
mainuser@Saturn101:~$ stop webapp
-bash: stop: command not found
…when trying to stop it. I have to run sudo stop webapp, but this user cannot do this as he is not a sudoer. For security reasons I don't want him to be a sudoer either, plus I do not want to insert the sudo password.
So how do I allow mainuser to run stop webapp and start webapp?
Best Answer
sudo is very configurable, you can allow this user to execute a limited set of commands without prompting for a password. The following line in
/etc/sudoersshould do what you want: