Apache without shell user needs to sudo -u gituser git fetch

To: debian-user <debian-user@lists.debian.org>
Subject: Apache without shell user needs to sudo -u gituser git fetch
From: Redalert Commander <redalert.commander@gmail.com>
Date: Wed, 19 Mar 2014 16:10:34 +0100
Message-id: <[🔎] CAMDu+mPvPB6oucxtTVLJuwPzohi-kwsySE2XoRdXZU=zrqqVYQ@mail.gmail.com>

Hello list,

I'm writing a small script that is invoked from an Apache web server
(CGI, or PHP).
The script needs to run several commands as another user, I opted for 'sudo'.

It is fairly easy for most commands, but I'm stuck on one:
sudo -u gituser git fetch

Under the covers this command connects to a remote SSH server, giving
me this error:

ssh_exchange_identification: Connection closed by remote host
fatal: The remote end hung up unexpectedly

The ssh connection is using passwordless ssh key login, so this can
run non-interactively.
Just changing the shell of the apache user to /bin/bash works, but I
don't like giving that user (apache) a real shell.

The gituser does have a valid shell of /bin/bash.
The 'requiretty' option for sudo is already disabled (otherwise other
commands don't work either).
Any ideas on how to solve this? Is giving the apache user a valid
shell the only way forward?

Best regards,
Steven

Reply to:

Prev by Date: problem with amanda after upgrading to debian wheezy
Next by Date: Re: Great Debian experience
Previous by thread: problem with amanda after upgrading to debian wheezy
Next by thread: Great Debian experience, part 2
Index(es):
- Date
- Thread