[CentOS] Having problems with sudoers

Gordon Messmer yinyang at eburg.com
Fri Jan 27 02:46:59 UTC 2012


On 01/25/2012 05:09 AM, Steve Campbell wrote:
> it's saying that "sudo: sorry,  you must have a tty to
> run sudo".
>
> I'm trying to enable the user "apache" to have the ability to run an
> executable from a web page. One of the common solutions is to do the
> following:
>
> Defaults:apache  !requiretty
> apache    ALL = NOPASSWD:/program.name

Just had a look at this...  I don't see a way to use sudo with SELinux 
enabled, so we have to assume that you've disabled it or set it to 
permissive.  That'd be useful information to include.

If you've done so, the next question would be whether your CGI is 
actually running as apache, or whether you've got it SUID to some other 
user.

I've confirmed on my system that a simple CGI can run sudo with the 
following entries in sudoers:

Defaults:apache         !requiretty, visiblepw
Cmnd_Alias ROUTER = /usr/local/bin/set-shorewall-gateway
apache  ALL=(ALL)       NOPASSWD: ROUTER

If it's not working for you, first run "visudo", make a change to the 
file, then save and exit.  If you have the syntax broken somewhere, 
visudo will tell you.  If you don't get warnings, watch the logs while 
you try to use the web application:

tail -f /var/log/messages /var/log/secure /var/log/httpd/error_log

(or ssl_error_log)

Include the log entries that you see in your reply.
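
An added example, not part of the original message: a small filter that pulls the sudo events for one user out of /var/log/secure-style text and labels each one, so the requiretty failure quoted above is easy to tell apart from a sudoers denial or a successful run. The log lines are constructed for illustration, and the function name `triage_sudo` and its status labels are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: summarise sudo events for one user from syslog text.
# SAMPLE_LOG is constructed; host name, times, PID and address are made up.
SAMPLE_LOG='Jan 27 02:40:01 web1 sudo:   apache : sorry, you must have a tty to run sudo ; TTY=unknown ; PWD=/var/www/cgi-bin ; USER=root ; COMMAND=/usr/local/bin/set-shorewall-gateway
Jan 27 02:41:10 web1 sudo:   apache : command not allowed ; TTY=unknown ; PWD=/var/www/cgi-bin ; USER=root ; COMMAND=/bin/sh
Jan 27 02:42:30 web1 sudo:   apache : TTY=unknown ; PWD=/var/www/cgi-bin ; USER=root ; COMMAND=/usr/local/bin/set-shorewall-gateway
Jan 27 02:43:00 web1 sshd[2211]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2
Jan 27 02:44:00 web1 sudo:    admin : TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/sbin/visudo'

# triage_sudo USER: reads syslog text on stdin and prints "STATUS COMMAND"
# for every sudo event logged for USER (default: apache).
#   REQUIRETTY  sudo refused because no tty was attached (requiretty in effect)
#   DENIED      sudoers did not permit the command or the user
#   OK          the command was run
#   OTHER       any other sudo message for that user
triage_sudo() {
    awk -v user="${1:-apache}" '
        # Field 5 is the program tag ("sudo:" or "sudo[pid]:"), field 6 the invoking user.
        $5 ~ /^sudo(\[[0-9]+\])?:$/ && $6 == user {
            cmd = "-"
            if ($0 ~ / COMMAND=/) { cmd = $0; sub(/^.* COMMAND=/, "", cmd) }
            if ($0 ~ /you must have a tty/)                     status = "REQUIRETTY"
            else if ($0 ~ /command not allowed|NOT in sudoers/) status = "DENIED"
            else if ($8 ~ /^TTY=/)                              status = "OK"
            else                                                status = "OTHER"
            print status, cmd
        }'
}

# Run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | triage_sudo apache
```

On a live system the same function can read the real file as root, for example `triage_sudo apache < /var/log/secure`.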


