Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: John-Paul Stewart Newsgroups: comp.os.linux.misc,comp.sys.raspberry-pi Subject: Re: Simple way for web to execute root shell script. Date: Fri, 23 May 2025 10:14:42 -0400 Lines: 17 Message-ID: References: <100pphq$2taj$2@dont-email.me> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Trace: individual.net wdB8G3PJ/mz9+m1KRcW74AVobspa1WCTqocIt8NsQLCCS3QL1j Cancel-Lock: sha1:bUI43XCJZXZ+NNsKWN9B794uSlg= sha256:OLj7eZrGfJ5k1il89zAvlX6wOVwj0KIRaeaRl6qP6lg= User-Agent: Mozilla Thunderbird Content-Language: en-CA In-Reply-To: <100pphq$2taj$2@dont-email.me> Xref: csiph.com comp.os.linux.misc:67716 comp.sys.raspberry-pi:36671 On 2025-05-23 8:26 a.m., The Natural Philosopher wrote: > I have a shell script that monitors hardware stuff - it needs to run as > root and be called by Apache as user www. > >  Bookworm linux on a Pi4. > > Its all inside a domestic firewall so security is not a huge issue. > What is the quickest and simplest solution to this? Use sudo to call the script. First, drop a file into /etc/sudoers.d/ containing something like the following (untested): www ALL = (root) NOPASSWD: /path/to/script That should allow Apache running as www to call 'sudo /path/script' to run 'script' as root with no password needed. But at the same time, the www user won't be able to run anything else as root (nor any other user).