Allowing Apache on EC2 to run sudo commands via CG

Posted 2019-08-05 05:23

Question:

I have an Amazon (AMI) Linux EC2 instance running on AWS. I'm creating a Perl script that will create directories when it is called through a web URL (CGI script).

However, because the browser is executing the script, the user apache is running the Perl script. Because apache is not allowed to do the mkdir command without using sudo, none of the directories are being created.

I've modified the script's permissions to execute (755) via the browser, however none of the mkdir commands work.

I even tried using the sudo command within the Perl script, but I had no luck. However, all of the non-sudo commands work, such as 'cd' etc.

If anyone knows how to resolve this issue I would appreciate it.

Answer 1:

I've found the answer through searching.

The first thing you need to do is disable tty for the current user. My web browser executes anything as the user 'apache' on the server.

So in my /etc/sudoers file I added

Defaults:apache !requiretty

Also, I created a list of commands that I want apache to use without requiring the sudo password

Cmnd_Alias APACHE = /bin/mkdir, /bin/rmdir
apache ALL=(ALL) NOPASSWD: APACHE

This allows only certain sudo commands to execute on my web server without requiring the password.

NOTE: only open the /etc/sudoers file using the visudo command... DO NOT open it using just regular vim or nano, because if you save it and there's an error it will **** your machine up and you may have to create a whole new server because any sudo commands won't execute.

You can specify your editor using visudo, e.g.

EDITOR=nano visudo
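
An added example, not part of the original answer: the rule above lets apache run mkdir and rmdir with any arguments as any user, so one way to narrow it is to have sudoers name a small root-owned wrapper that only creates a single validated directory under one fixed parent. The wrapper path `/usr/local/sbin/mk-site-dir`, the parent `/var/www/sites` and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Hypothetical wrapper (assumed install path: /usr/local/sbin/mk-site-dir,
# owned by root, mode 0755). A sudoers rule could then name only this
# wrapper instead of bare mkdir/rmdir, for example:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/mk-site-dir
BASE_DIR=/var/www/sites   # assumed parent directory; adjust to the real one

# valid_name NAME -> returns 0 only if NAME is one safe path component.
valid_name() {
    case "$1" in
        ''|.|..|-*) return 1 ;;            # empty, dot entries, option-like names
        *[!A-Za-z0-9._-]*) return 1 ;;     # anything off the allowlist, including '/'
    esac
    [ "${#1}" -le 64 ]                     # keep names short
}

# make_site_dir BASE NAME -> creates BASE/NAME, one level only (no -p).
make_site_dir() {
    base=$1
    name=$2
    valid_name "$name" || { echo "rejected directory name" >&2; return 2; }
    # The parent must already exist and must not be a symlink.
    [ -d "$base" ] && [ ! -L "$base" ] || { echo "bad base directory" >&2; return 3; }
    # '--' stops option parsing; mkdir fails if the target already exists.
    mkdir -m 0750 -- "$base/$name"
}

# Entry point when called as: sudo /usr/local/sbin/mk-site-dir NAME
if [ "$#" -gt 0 ]; then
    [ "$#" -eq 1 ] || { echo "usage: $0 NAME" >&2; exit 64; }
    make_site_dir "$BASE_DIR" "$1"
fi
```

From the Perl CGI script, the wrapper would be called with the list form of `system` (`system('sudo', '/usr/local/sbin/mk-site-dir', $name)`) so that no shell parses the request-supplied name.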