[CentOS] Having problems with sudoers

Gordon Messmer yinyang at eburg.com
Fri Jan 27 02:46:59 UTC 2012

On 01/25/2012 05:09 AM, Steve Campbell wrote:
> it's saying that "sudo: sorry,  you must have a tty to
> run sudo".
> I'm trying to enable the user "apache" to have the ability to run an
> executable from a web page. One of the common solutions is to do the
> following:
> Defaults:apache  !requiretty
> apache    ALL = NOPASSWD:/program.name

Just had a look at this...  I don't see a way to use sudo with SELinux 
enabled, so we have to assume that you've disabled it or set it to 
permissive.  That'd be useful information to include.

If you've done so, the next question would be whether your CGI is 
actually running as apache, or whether you've got it SUID to some other 

I've confirmed on my system that a simple CGI can run sudo with the 
following entries in sudoers:

Defaults:apache         !requiretty, visiblepw
Cmnd_Alias ROUTER = /usr/local/bin/set-shorewall-gateway
apache  ALL=(ALL)       NOPASSWD: ROUTER

If it's not working for you, first run "visudo", make a change to the 
file, then save and exit.  If you have the syntax broken somewhere, 
visudo will tell you.  If you don't get warnings, watch the logs while 
you try to use the web application:

tail -f /var/log/messages /var/log/secure /var/log/httpd/error_log

(or ssl_error_log)

Include the log entries that you see in your reply.

More information about the CentOS mailing list