I want to be able to restart services from a php-script. running under the www-user account.
What's the preferred way to perform these actions?
I recon I can place create a file with que'd commands, read by CRON, but the solution itches.
What I'm thinking of is a tiny service, running under root, allowing predefined "methods" so arbitrary root actions cannot be executed.
Any tool out there for this?
Answer
You could reinvent the wheel, but honestly, I use passwordless sudo for this. For example, my monitoring system needs to be able to run a command to check the hardware RAID. This requires root privilege, but I don't want to run the whole monitoring system as root, so instead I have in sudoers a line that says
nagios ALL=(root) NOPASSWD: /usr/lib/nagios/plugins/check_md_raid
and then run the command sudo /usr/lib/nagios/plugins/check_md_raid as the monitoring user, when I need to check the RAID.
You could have a sudoers line that said
www-user ALL=(root) NOPASSWD: /etc/rc.d/init.d/myservice
then have php execute sudo /etc/rc.d/init.d/myservice restart.
No comments:
Post a Comment