Using Apache, I’d like to be able to start and stop a service on the same server. Essentially, I’m looking for a way to allow Apache (or some script called by Apache) to call sudo service XXXX start.
I realize there are severe security implications with this, and I’m looking to minimize the possible effects. There is only a single service that I need to do this for. I’ve seen some solutions that involve “hacking” the setuid (C/Perl wrapper), others involved editing the /etc/sudoers file.
Is there a better way?
many thanks,
S.
I suggest letting the apache-user use that one init.d-script as sudo without password by adding this to your /etc/sudoers
apache ALL=(ALL) NOPASSWD: /etc/init.d/theinitscript
And then use sudo /etc/init.d/theinitscript start instead of the command service.
Check more discussion of this question.