0

I run Raspbian Wheezy on my Raspberry Pi, and i want to call a Python script from PHP. That all works great (i call 'exec python go.py' from php) but now i want to call a script which needs root rights.

I understood that running as root would help me out here ('exec sudo python go2.py', so i added this line of code to my sudo file

%www-data ALL=(ALL) NOPASSWD: ALL

ok, and now it works again. But then i learned that it is not a good idea to grant the www-data group unlimited sudo rights. Then i found this question (How to grant sudo rights only to specific script files?), which showed me how to grant sudo rights to a single directory:

%www-data ALL=(ALL) NOPASSWD: /var/www/exec/

And then it all stops, because that doesn't work at my machine.

Can you tell me what i'm doing wrong?

i'm using lighttpd as my webserver.

Improve this question
3
  • huh, why the -1, tell me, i might learn. Commented Feb 26, 2013 at 7:48
  • 1
    This is off-topic here (see the FAQ). It might fit on Unix & Linux or Raspberry Pi, but check their FAQ and archives first. Commented Feb 26, 2013 at 7:58
  • Ah, ok, didn't read the FAQ, thought it was for all kind of server related questions, not only for professionals. Didn't know about the Unix and Linux group, will try it there next time. The raspberry pi group off course was my first choice, but i thought this was more linux specific than Pi specific. Commented Feb 26, 2013 at 8:12

1 Answer 1

Reset to default
2

The command you need to run with sudo is python, not exec, so try this:

%www-data ALL=(ALL) NOPASSWD: /usr/bin/python /path/to/the/go2.py
Improve this answer
5
  • Ok, looks like i misunderstood things. I thought the /var/www/exec/ part of my command stated that i allowed sudo rights for the group on the DIRECTORY /var/www/exec/. Is that not a correct assumption? Commented Feb 26, 2013 at 7:59
  • How should i read your proposed line ie what does this part /usr/bin/python /path/to/the/go2.py mean? Is it the combination of the path to a program and the path to the file here, so does it say "Yo can SUDO for python, for the file '/path/to/the/go2.py'? Commented Feb 26, 2013 at 8:01
  • About the first comment: No, %www-data ALL=(ALL) NOPASSWD: /var/www/exec/ allows all users in www-data group to run all commands in the /var/www/exec/ as sudo without prompting for password. About the second: yes. Commented Feb 26, 2013 at 8:05
  • Will try it, will let you know wether it works Commented Feb 26, 2013 at 8:13
  • Hi, i ended up with this %www-data ALL=(ALL) NOPASSWD: /usr/bin/python /path/to/the/* when i only typed the filename it didn't work. i checked it, and a .py file in the /path/to/ directory wasn't executed, and one in the /path/to/the/ folder was. Does that sound logical, the wild card character being necessary? Commented Feb 27, 2013 at 8:55

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.