There ought to be no need to grant sudo access to ALL PROGRAMS for a user to restart a service. You can look at systemd user services, chown/setuid scripts/etc for init.d, and restrict the set of commands that SUDO can use without a password.
In any case, it's "onion security", if someone gets a shell on your machine, you're in unrecoverable trouble anyway. Lee Hambley http://lee.hambley.name/ +49 (0) 170 298 5667 On 31 March 2016 at 00:33, Stefano Schiavi <stef...@bvprojects.org> wrote: > First, thank you all for your help! > I am posting because I have yet to solve the sudo issue. I read several > posts both here and stackoverflow and tried everything I read, but I still > have yet to find something that works. I must be missing something in the > server config... I believe. > > Basically I have been unable to run commands that require sudo unless I > set my deploy user in /etc/sudoers as: > > deploy ALL=(ALL) NOPASSWD: ALL > > This is obviously not at all ideal in terms of security... > > Among other things I commented out > #Defaults requiretty > in /etc/sudoers > > > At best I got sidekiq to stop without prompting anything but even if I > typed the password nothing happened until I ctrl+c > > Can anyone please share anything I should look at in terms of server > config? > Thank you so much. > > > Versions: > > - Ruby 2.3 > - Capistrano 3.4 > - Rake / Rails / etc 4.2.6 > > Platform: > > - Working on.... MAC Yosemete > - Deploying to... Centos 5.9 > > Logs: > > - Please past logs (as completely as possible to a 3rd party pasting > service such as pastie.org) > > Files: > > - Capfile > - deploy.rb > - Stage files (production.rb, staging.rb) > > -- > You received this message because you are subscribed to the Google Groups > "Capistrano" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to capistrano+unsubscr...@googlegroups.com. > To view this discussion on the web, visit > https://groups.google.com/d/msgid/capistrano/61d23cef-e936-4016-971a-3fde805141bf%40googlegroups.com > <https://groups.google.com/d/msgid/capistrano/61d23cef-e936-4016-971a-3fde805141bf%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Capistrano" group. To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+unsubscr...@googlegroups.com. To view this discussion on the web, visit https://groups.google.com/d/msgid/capistrano/CAN_%2BVLWzeHFaA_bq%3DpaaiWFNF%3DSxRn6p1%3DNQPAcOn85Duj-6FA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
