On 9/25/05, Sagi Bashari <[EMAIL PROTECTED]> wrote:
> On 9/25/05, Michael Green <[EMAIL PROTECTED]> wrote:
> > I need to give a user rights to administer Apache2 webserver (SLES9).
> > As I see it, and given that there is no need to install aadditional
> > apache modules he only needs the ability "to vi" files in the
> > /etc/apache2 directory + /etc/sysconfig/apache2 and be able to
> > /etc/init.d/apache2 {start|stop|restart|whatever} (or using rcapache2
> > - the SuSE'ish way)
> >
> > What would be the most elegant to achieve this? Should I create a
> > separate user for this and then chown accordingly all/part apache2
> > files?
>
> Create a new group named webadmin or similar, give the group write
> access to these files and add the user to the group.
>
> Let him run /etc/init.d/apache2 through sudo.
>
One thing I forgot - there may be a security implication for this. The
apache config file contains the user which apache runs as. If you let
him edit this file, he can probably gain access to any other user on
the system, maybe even root.
Sagi
================================================================To unsubscribe,
send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
