Need to allow a user to restart bind9

To answer all three above: sudo is bloody overkill when rndc already has the capability you need, plus the option to reload nameservers other than the one on localhost.

The script rndc-confgen will generate an rndc.conf file for you that you can save to /etc/rndc.conf and make readable to www-data:

shadur@Romulus:~$ rndc-confgen 
# Start of rndc.conf
key "rndc-key" {
    algorithm hmac-md5;
    secret "zGHUrg0X5Id4rn27A0Nb9A==";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#   algorithm hmac-md5;
#   secret "zGHUrg0X5Id4rn27A0Nb9A==";
# };
# 
# controls {
#   inet 127.0.0.1 port 953
#       allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf

The commented-out part can then be added to /etc/bind/named.conf in order to tell the server that it should respond properly to that key (which is randomly generated when you run rndc-confgen.

After you've done the above and restarted bind once, the www-data user should be able to issue commands to bind via the rndc command.

rndc restart will restart the server completely; rndc reconfig will cause it to reload its named.conf file; rndc reload will check and reload all zones; rndc reload <zone> will check and reload just .

There's other commands as well; you can get a list by simply typing rndc without any commands.

Don't use a chainsaw when a scalpel will do; don't use sudo when you don't even need to be root.

Why would you not want to give the user access to to sudo to run this specific command ? This is exactly the situation that sudo is designed for.

Adding

www-data somehost= /sbin/service bind9 restart

will grant the user www-data permission to run service bind9 restart (and only that command) on somehost.

why not give them sudo rights to just restart bind?

www-data      ALL=NOPASSWD: /etc/init.d/bind9

Then you can run it and it should work.. Also you could use rndc if you setup your keys to reload bind

Completing @Mike's answer

Run visudo and the file /etc/sudoers will open in your default text editor. Do not open the file in any other way.

Then add the following line, preferably at the end

www-data      ALL = NOPASSWD: /usr/sbin/service bind9 restart

Save and exit the editor. Now the user www-data can run the following in order to restart bind

sudo /usr/sbin/service bind9 restart

rndc reload should work fine from within a PHP system() call without modification of specific permissions. I agree that restarting bind is unnecessary, since if you allow the user to do that, you'd probably end up spending more time restarting the service than it is actually up and online to serve requests.