Unix & Linux Asked by Seán McCabe on November 21, 2021
I’m trying to make it so a user can reload PHP-FPM without needing a password everytime.
I’ve added the following to the /etc/sudoers file using pkexec visudo, and there are no syntax errors, but it is still not working, any ideas?
Defaults exempt_group=forge
User_Alias FORGE = forge
Cmnd_Alias FORGE_COMMANDS = /usr/sbin/service php-fpm *
FORGE ALL = (ALL) NOPASSWD: FORGE_COMMANDS
I’ve hunted everywhere and this seems to be a common problem of getting it to work, but each question doesn’t seem to have an answer, or one that works for me.
Using CentOS 7.
Thanks.
When using sudo -u I get the following:
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Multiple identities can be used for authentication:
I can then proceed as normal, but the point is for forge to be able to do this without requiring authentication.
Managed to get this working after additional hunting.
Turns out the addition to the sudoers file needed to be in the right place, not just at the bottom of the file where everyone apparently tells you to put it.
So after:
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
and before:
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
I put in:
## Allows forge to restart the php-fpm service
forge ALL=NOPASSWD: /usr/sbin/service php-fpm restart
Hopefully this will help a few people out, seems to be a lot of people out there having the same issue.
Just replace forge with the user you want to grant the permission too.
Answered by Seán McCabe on November 21, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP