Use sudo or sudoers to start, stop & restart Apache

Q. I am responsible for 5 Apache webservers. Recently we hired a new Linux sys admin. How do I give new admin only permission to start and restart Apache web server? How do I setup sudo for the same via sudoers file? I am using RedHat Enterprise Linux.

A. sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file.

sudo is great way to avoid security problems. sudo requires that users authenticate themselves with a password by default. sudo also logs user command is log file.

Use visudo command to setup job for a new sys admin called jerry, so that user can start or stop Apache webserver:
# visudo
Append following line:
vivek hostname=/etc/init.d/httpd start, /etc/init.d/httpd stop,/etc/init.d/httpd restart, /sbin/services httpd restart

Save and close the file. Jerry has to type following command:
$ sudo /etc/init.d/httpd restart

When prompted jerry need to provide his password. More information is regarding sudo is available here.


🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 4 comments so far... add one


CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
4 comments… add one
  • Marc Dec 2, 2006 @ 23:48

    Sudo is kind of the standard in this area, but here are a few others that might be of interest to people:

    calife
    chiark-really

    That said, I use sudo. :-)

  • Igor Nov 5, 2010 @ 13:41

    If you want to achieve it without typing password, then type “visudo” and put:

    webalizer ALL=NOPASSWD: /sbin/service httpd start, /sbin/service httpd stop, /sbin/service httpd restart

  • Jose carlos dos santos Dec 24, 2015 @ 20:03

    Muito bom

  • Holger Aug 15, 2017 @ 20:56

    The line appended to the sudoers file it should read:
    jerry hostname=/etc/init.d/httpd start, …
    instead of
    vivek hostname=/etc/init.d/httpd start, …
    as long as of course Jerrys username is jerry and not vivek.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum