Results 1 to 8 of 8

Thread: Invoking a script from WEBAPP with superuser permissions

Hybrid View

  1. #1
    Join Date
    Nov 2011
    Beans
    3

    Post Invoking a script from WEBAPP with superuser permissions

    Hi

    I am trying to run a script from a webapp on tomcat6. The problem is that I need superuser permissions for tomcat6 user to run the script.

    I have not changed my sudoers file, I just created a new one at /etc/sudoers.d/ that looks like this:

    Defaults env_keep += "JAVA_HOME"

    # Host alias specification

    # User alias specification

    # Cmnd alias specification
    Cmnd_Alias TOMCAT_ALLOWED = /opt/domotics/databasebackup.sh, /usr/bin/innobackupex

    # User privilege specification
    tomcat6 ALL=(ALL) NOPASSWD: TOMCAT_ALLOWED

    The problem is that I keep getting this error:
    "sudo no tty present and no askpass program specified"

    I know why I am getting this error, I just do not know how to solve it :S

    I have already used "Defaults visiblepw" but this option only makes my webapp act like an endless loop (prompts for a password and I do not want that behavior).

    Am I missing something? (information in http://ubuntuforums.org/archive/index.php/t-639803.html is not solving my problem either)

    PS: Release
    DISTRIB_ID=Ubuntu
    DISTRIB_RELEASE=11.10
    DISTRIB_CODENAME=oneiric
    DISTRIB_DESCRIPTION="Ubuntu 11.10"

    If you need more information, just let me know

    Thanks in advance,
    Sérgio
    Last edited by Sérgio André; November 30th, 2011 at 03:17 PM.

  2. #2
    Join Date
    Feb 2008
    Beans
    4,157
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Invoking a script from WEBAPP with superuser permissions

    "The problem is that I need superuser permissions for tomcat6 user to run the script."

    Why? It doesn't seem reasonable.

  3. #3
    Join Date
    Nov 2011
    Beans
    3

    Re: Invoking a script from WEBAPP with superuser permissions

    I want my webapp to be able to run the innobackupex command. This command requires sudo to run successfully. That is why I am trying to give the user tomcat6 the chance to run it without sudo password. This process must be "transparent" to the webapp user.

    EDIT: Now that I read my first post and yours, I explained it wrongly. I do not want tomcat6 to be superuser or run as superuser. I just want tomcat6 to be allowed run those commands.
    Last edited by Sérgio André; November 30th, 2011 at 06:45 PM.

  4. #4
    Join Date
    Feb 2008
    Beans
    4,157
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Invoking a script from WEBAPP with superuser permissions

    If the command requires sudo, your databases are in the wrong location.

    Also note what the suppliers of innobackupex say: "We are currently not satisfied with the architecture, code quality and maintainability, or functionality of innobackupex, and we expect to replace it with something else in the future."

  5. #5
    Join Date
    Nov 2011
    Beans
    3

    Re: Invoking a script from WEBAPP with superuser permissions

    Thank you for the reply.

    To be honest, my databases are not in the wrong location, the innobackupex requires access to the mysql database (would be fine if it was only dependent of my databases to run). I would have to change mysql permissions or allow innobackupex to run with sudo. Honestly I prefer the second choice.

    About innobackupex, I have to agree, they have a lot of things to improve (my database user needs full grants to mysql database, needs sudo to backup any user database, etc.) and I am expecting that, but at the moment I really have to use it

    Anyway, I was able to make tomcat6 capable of running innobackupex

    Thanks for the all the help and advices

  6. #6
    Join Date
    Oct 2012
    Beans
    2

    Re: Invoking a script from WEBAPP with superuser permissions

    Sérgio André how did you fix it.. I have the same problem has you

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •