Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 26th August 2009, 19:37
sfunk1x sfunk1x is offline
Member
 
Join Date: Jun 2009
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
Default centos 5.2 - Apache having trouble sudo'ing httpd graceful

All -


I have a script which needs to execute the following command:

sudo /etc/init.d/httpd graceful

In the sudoers file, I have commented out requiretty and added

apache sz2 = NOPASSWD: /etc/init.d/httpd graceful


Performing an su - apache -s /bin/bash, then executing "sudo /etc/init.d/httpd graceful" will execute. However, when I have the following command in a php script and execute from a browser:

<?
echo exec('sudo /etc/init.d/httpd graceful');
?>

it won't work.

The thing is, if I execute 'setenforce 0' to turn selinux off, it works. I've attempted to change security context on the init.d/httpd script to httpd_sys_content_t, and the same thing for the /usr/sbin/httpd file to no avail.

Any suggestions on how I can get this to execute?
Reply With Quote
Sponsored Links
  #2  
Old 27th August 2009, 18:25
sfunk1x sfunk1x is offline
Member
 
Join Date: Jun 2009
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
Default

/var/log/audit/audit.log helps immensely here. A lot of policies have to be set into place to allow this to happen - through audit2allow. I will post more details when I know them....
Reply With Quote
  #3  
Old 12th November 2009, 19:59
cento_claus cento_claus is offline
Junior Member
 
Join Date: Nov 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Could you finally fix your problem?
I am having the same issue...
Reply With Quote
  #4  
Old 12th November 2009, 20:10
sfunk1x sfunk1x is offline
Member
 
Join Date: Jun 2009
Posts: 34
Thanks: 0
Thanked 0 Times in 0 Posts
 
Default

Yes, but not as I would have liked.

I finally gave up trying to give the apache user sudo rights to restart apache on the backend. In manual testing it worked (su'ing to apache user, then graceful restarting to the daemon) but in practice it was not and I didn't want to invest any more hours trying to get it to work.

The trigger I needed was when a new site would be created a new virtual host config file would be created in the /etc/httpd/conf/vhost folder (I created vhost, it's not there from the factory centos 5.2 install). The text file was just a null file that a shell script looked for every 60 seconds with the help of a cron job ran as root. If the shell script found the file, it would restart apache, if it doesn't the shell script ends gracefully.

Not very refined, but it does the job perfectly and has done so since I made this post.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Centos 5.2 + ISPConfig 3 tutorial - Problem with email tanakskool Server Operation 1 3rd June 2009 16:22
problems with suexec gobokster Installation/Configuration 7 7th May 2009 13:33
Server brought to a crawl v2k Server Operation 14 29th May 2008 17:40
CENTOS 5 Ping Problem gAnDo Server Operation 11 28th March 2008 20:58
MaxClients set to appropriate level, but ISPconfig is crashing from it (I think) bpmee Server Operation 6 11th January 2007 19:29


All times are GMT +2. The time now is 11:35.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.