User Nobody Can’t Access File

Home » CentOS » User Nobody Can’t Access File
CentOS 5 Comments

Hey guys,

I need to give the ‘nobody’ user (which is what our apache runs as) no password access to a file, via sudo. This is what I’ve tried:

nobody ALL=(ALL) NOPASSWD: /var/www/qa/launchpadnew/site/ftp_check.php

But if I become the nobody user and try to access the file, it tries to prompt me for a password:

-bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php
[sudo] password for nobody:

Can someone please point out for me where I’m going wrong? Cuz I don’t see it!!

Thanks ! :)

Tim

5 thoughts on - User Nobody Can’t Access File

  • try “sudo php /var/www/qa/launchpadnew/site/ftp_check.php” and “sudo
    /var/www/qa/launchpadnew/site/ftp_check.php”

    You’re giving the user the ability to run
    /var/www/qa/launchpadnew/site/ftp_check.php but not necessarily php. Your script might not need it, so try it each way. And, since you’re using sudo, you need to call “sudo” before the command.

  • This whole thing sounds scary… Is there really no other (less scary) way to achieve what you want to achieve?

    Valeri

    ++++++++++++++++++++++++++++++++++++++++
    Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
    ++++++++++++++++++++++++++++++++++++++++

  • where did sudo even come into this picture?

    does this ftp_check.php script fork a shell with sudo or something?

    sounds like a VERY bad way of doing whatever it is you’re trying to do.

  • Hi,

    In sudoers file, you have to provide the whole path of the “php” command to execute any php file.

    I agree with John here. You should use better method to do this.

    –Regards Ashishkumar S. Yadav

  • Tim Dunphy writes:

    In addition to all other comments so far, ‘nobody’ is a bad choice for httpd. If this is your distro’s default, it’s a bad one. It is better to create a dedicated user that is guaranteed to be used only as configured by you.

LEAVE A COMMENT