[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sudo doesn't work

sorry for the long lines... thought your mail reader can do word wrapping at the end of a line :/
using my own mailer now, since i'm at work (and so i can't test that pathname thing right now).

i have already tried to do this with 'NOPASSWD:', but then it wanted a password from me...
too bad that the user trying to run this has no valid password set at all.
but it could have something to do with the wrong path, too.

thanks for that tip anyway! i just didn't see the different pathname. maybe it'll work then...

-yves

----------
Original Message from Bob Proulx <bob@proulx.com> at 30.07.2003 05:46:47:

> Yves Goergen wrote:
> > what i would like to do:
> > a php-based web-interface should be able to run some special system commands in the name of another user, i.e. 'apache' needs to 'makemaildir /some/path' as 'exim'.
> 
> In the future if you would word wrap your postings to some column such
> as column 72 it would be most appreciated.  Those long lines are hard
> to read.  Thanks.
> 
> > how i tried this:
> > installed the sudo package and edited the sudoers file with visudo:
> >     Defaults !lecture
> >     Defaults !authenticate
> >     Host_Alias LOCAL = localhost, debian2
> >     apache LOCAL=(exim) /usr/courier/bin/maildirmake
> > what happened then:
> >     "Sorry, user apache is not allowed to execute '/usr/local/bin/maildirmake /tmp/xx' as exim on debian2."
> 
> Another poster mentioned the path difference which is probably your
> problem.  But I am not sure !authenticate is the best plan.  I would
> instead specify that certain commands don't need a password.  Like
> this:
> 
>   apache LOCAL=(exim) NOPASSWD: /usr/local/bin/maildirmake
> 
> > i've found some postings like "sudo is bad - no, sudo is good" today. i don't know whether it's good or bad, atm it's simply not suitable for my needs, though i'm convinced there must be a solution to this. anyway, i'm open for totally different approaches to get my maildir with another uid... only it must be fully automatable (no interactive questions or passwords!).
> 
> sudo is good.  :-)
> 
> Bob
Reply to: