On my Ubuntu server I have an application MyApp which runs as a daemon with its own user myapp.
Then I have a web application MyPortal which runs in Apache httpd as user www-data. This application serves a web page with a Redeploy MyApp button. When clicking this button I want to start the script redeploymyapp. This script stops the MyApp daemon, upgrades the application and starts the daemon again.
The problem is that the redeploymyapp script needs to be executed by the user myapp, while MyPortal is running as www-data.
What is the best way to solve this problem?
Configure sudo to let www-data execute that script as either myapp or root (depending on which is preferred), then execute it as sudo redeploymyapp.
It should be as simple as:
# sudoers only accepts absolute command paths; /path/to is a placeholder
www-data ALL=(myapp) NOPASSWD: /path/to/redeploymyapp
added via visudo. Probably also worth noting that redeploymyapp should be completely self-contained (that is, no arguments provided by a web request, no use of environment variables, etc.)
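One way to make redeploymyapp self-contained for the sudo approach in the answer above, as an added example that is not part of the original posts. The /path/to locations, the lock directory and the deploy_steps body are placeholders, and the trailing "" in the sudoers rule is an addition that makes sudo refuse any arguments.

```shell
#!/bin/sh
# Added example: hardened skeleton for redeploymyapp.
# Assumed sudoers entry, added via visudo (/path/to is a placeholder):
#   www-data ALL=(myapp) NOPASSWD: /path/to/redeploymyapp ""
# The trailing "" allows the command only when it is run with no arguments.
# MyPortal would then call: sudo -n -u myapp /path/to/redeploymyapp

# Placeholder: a directory only myapp can write to, so www-data cannot
# pre-create the lock and block deployments.
LOCK_DIR=/path/to/myapp-owned-dir/redeploy.lock

# Second line of defence in case the sudoers rule is ever loosened.
validate_invocation() {
    [ "$#" -eq 0 ] || { echo "redeploymyapp: arguments are not accepted" >&2; return 64; }
}

# Use fixed values instead of anything inherited from the caller.
reset_environment() {
    PATH=/usr/sbin:/usr/bin:/sbin:/bin
    export PATH
    unset IFS ENV BASH_ENV CDPATH LD_PRELOAD LD_LIBRARY_PATH
    umask 027
}

# mkdir is atomic, so two button clicks cannot both acquire the lock.
acquire_lock() { mkdir "$1" 2>/dev/null; }
release_lock() { rmdir "$1"; }

# Placeholder for the site-specific stop / upgrade / start commands.
deploy_steps() {
    echo "stop MyApp, upgrade, start MyApp"
}

main() {
    validate_invocation "$@" || return
    reset_environment
    acquire_lock "$LOCK_DIR" || { echo "redeploymyapp: already running" >&2; return 75; }
    trap 'release_lock "$LOCK_DIR"' EXIT
    deploy_steps
}

# Constructed guard: run only when executed under the script's own name,
# so the functions above can be loaded and checked without deploying.
case "${0##*/}" in
    redeploymyapp) main "$@" ;;
esac
```

The script itself should be owned by root or myapp and not writable by www-data, otherwise the sudoers rule lets the web user run arbitrary code as myapp.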
One option is to let MyPortal, when the button is pressed, write a value to a database or to a file. In turn MyApp continuously monitors that database/file.
Otherwise you can use some suexec magic to make sure that redeploymyapp can be run as the myapp user. What suexec solution is the most suitable really depends on what scripting language you are using etc.
(Dealing with PHP scripts I have good experiences with suPHP.)
Then there is also, as James mentions, the sudo route.