Image may be NSFW.
Clik here to view.
I have got my webserver application starting on boot using upstart. This is the upstart script:
# web app node upstart file at /etc/init/webapp.confdescription "web application"start on started mongodb
stop on runlevel [06]respawn
respawn limit 10 100env NODE_ENV=productionpre-start script
ulimit -n 2048
end scriptexec start-stop-daemon --start -c mainuser --exec /usr/bin/make -- -C /home/mainuser/app start-prod
This works flawlessly on Ubuntu server 10.04 LTS and I’m very happy about it.
However, I have a deployment shell script which logs in using SSH as mainuser (this is not a sudoer) and will then update the working directory to the latest deployment version.
The issue here is that the service needs to be restarted so that the applications loads the new source files. However, mainuser gets a…
mainuser@Saturn101:~$ stop webapp
-bash: stop: command not found
…when trying to stop it. I have to run sudo stop webapp, but this user cannot do this as he is not a sudoer. For security reasons I don’t want him to be a sudoer either, plus I do not want to insert the sudo password.
So how do I allow mainuser to run stop webapp and start webapp?
Image may be NSFW.
Clik here to view.
sudo is very configurable, you can allow this user to execute a limited set of commands without prompting for a password. The following line in /etc/sudoers should do what you want:
mainuser ALL = (root) NOPASSWD: /sbin/start webapp, /sbin/stop webapp
Check more discussion of this question.
