Results 1 to 5 of 5

Thread: Issue command as a different user not working

  1. #1
    Join Date
    Mar 2009
    Beans
    54

    Question Issue command as a different user not working

    Ok, so I've been trying to find a way to refresh the configuration files of FreeRadius from a PHP page that I've been working on. I can do this one of two ways:

    1. /etc/init.d/freeradius force-reload
    2. /usr/sbin/freeradius -C



    However, the trouble I'm running in to is privileges. I know I have to do this from the sudoers file, but I can't seem to get it to work. The user for apache is www-data as default, the user for FreeRadius is freerad. My assumption is that I need to give www-data permissions to run one of those commands (preferably /usr/sbin/freeradius -C) as either root or freerad without prompting for a password. But HOW?!

    I've edited the sudoers file a million different times. Anything that's bold is something I haven't changed:

    Code:
    www-data        localhost = (ALL) NOPASSWD: /usr/sbin/freeradius -C
    I have a feeling it's something stupid like a space where it shouldn't be, but I've played around with different formatting and still can't get the command to work. What's worse is the /usr/sbin/freeradius -C doesn't return an output that I can tell nor does an entry appear to show up in /var/log/auth.log. My brain is shot, someone help me please.

  2. #2
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    8,927
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Issue command as a different user not working

    Must the command be issued by one of those users? Perhaps /usr/sbin/freeradius is only executable by root? The simplest fix in this case is to let other users run the command with "sudo chmod a+x /usr/sbin/freeradius". A more nuanced approach would create a group with executable rights on the file, then putting the www-data user into that group.

  3. #3
    Join Date
    Mar 2009
    Beans
    54

    Re: Issue command as a different user not working

    Quote Originally Posted by SeijiSensei View Post
    Must the command be issued by one of those users? Perhaps /usr/sbin/freeradius is only executable by root? The simplest fix in this case is to let other users run the command with "sudo chmod a+x /usr/sbin/freeradius". A more nuanced approach would create a group with executable rights on the file, then putting the www-data user into that group.
    Code:
    root@buee-ubuntu:/usr/sbin# chmod a+x freeradius 
    root@buee-ubuntu:/usr/sbin# ls -al freeradius 
    -rwxr-xr-x 1 root root 283912 2011-05-19 10:50 freeradius
    root@buee-ubuntu:/usr/sbin# freeradius -C
    root@buee-ubuntu:/usr/sbin# echo $?
    0
    root@buee-ubuntu:/usr/sbin# su - www-data
    $ /usr/sbin/freeradius -C
    $ echo $?
    1

  4. #4
    Join Date
    Apr 2008
    Location
    LOCATION=/dev/random
    Beans
    5,767
    Distro
    Ubuntu Development Release

    Re: Issue command as a different user not working

    Quote Originally Posted by buee View Post
    Ok, so I've been trying to find a way to refresh the configuration files of FreeRadius from a PHP page that I've been working on. I can do this one of two ways:

    1. /etc/init.d/freeradius force-reload
    2. /usr/sbin/freeradius -C



    However, the trouble I'm running in to is privileges. I know I have to do this from the sudoers file, but I can't seem to get it to work. The user for apache is www-data as default, the user for FreeRadius is freerad. My assumption is that I need to give www-data permissions to run one of those commands (preferably /usr/sbin/freeradius -C) as either root or freerad without prompting for a password. But HOW?!

    I've edited the sudoers file a million different times. Anything that's bold is something I haven't changed:

    Code:
    www-data        localhost = (ALL) NOPASSWD: /usr/sbin/freeradius -C
    I have a feeling it's something stupid like a space where it shouldn't be, but I've played around with different formatting and still can't get the command to work. What's worse is the /usr/sbin/freeradius -C doesn't return an output that I can tell nor does an entry appear to show up in /var/log/auth.log. My brain is shot, someone help me please.
    Are you still using sudo in front of the command to run the command as the www-data user, ie:
    Code:
    sudo /usr/sbin/freeradius -C
    Editing the sudoers file still means you have to use sudo, you just aren't prompted for a password.
    Cheesemill

  5. #5
    Join Date
    Mar 2009
    Beans
    54

    Re: Issue command as a different user not working

    Quote Originally Posted by Cheesemill View Post
    Are you still using sudo in front of the command to run the command as the www-data user, ie:
    Code:
    sudo /usr/sbin/freeradius -C
    Editing the sudoers file still means you have to use sudo, you just aren't prompted for a password.
    That got it. I knew it was something stupid that I was doing. Thank you for your help. 2 weeks of banging my head on a desk and you solved it in less than 2 minutes.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •