Q. I am responsible for 5 Apache webservers. Recently we hired a new Linux sys admin. How do I give new admin only permission to start and restart Apache web server? How do I setup sudo for the same via sudoers file? I am using RedHat Enterprise Linux.
A. sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file.
sudo is great way to avoid security problems. sudo requires that users authenticate themselves with a password by default. sudo also logs user command is log file.
Use visudo command to setup job for a new sys admin called jerry, so that user can start or stop Apache webserver:
# visudo
Append following line:
vivek hostname=/etc/init.d/httpd start, /etc/init.d/httpd stop,/etc/init.d/httpd restart, /sbin/services httpd restart
Save and close the file. Jerry has to type following command:
$ sudo /etc/init.d/httpd restart
When prompted jerry need to provide his password. More information is regarding sudo is available here.
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 2 comments… read them below or add one }
Sudo is kind of the standard in this area, but here are a few others that might be of interest to people:
calife
chiark-really
That said, I use sudo. :-)
If you want to achieve it without typing password, then type “visudo” and put:
webalizer ALL=NOPASSWD: /sbin/service httpd start, /sbin/service httpd stop, /sbin/service httpd restart