Sudo wants www-data user password. Not running as root?

DirtyBirdNJ's picture

Hello,

I am trying to set up some PHP scripts that will turn on/off a daemon (fatcontroller for some AWS SQS processing) via /etc/init.d/. Turnkey appliances seem to come without suod installed, so I ran a simple apt-get install sudo.

When I just use the php function:

exec('/etc/init.d/fatcontrollerd start');

I get: You need root privileges to run this script

Ok, this makes sense... the Apache www-data user doesn't have permissions to start/stop daemons. So I read about how you can give the password to the sudo command using a pipe (http://stackoverflow.com/questions/11955298/use-sudo-with-password-as-parameter), and I tried this:

exec('echo password | sudo /etc/init.d/fatcontrollerd start');

This doesn't return anything (usually exec returns output of the command)... so I tried running the same command via a terminal window after doing su www-data to see exactly what's happning. This is the output I get:

So... it looks like for whatever reason whenever I try to sudo as the www-data user, sudo appears to be trying to run the command as www-data instead of root? I tried providing sudo the -u option to force the user I'm trying to access when running sudo, but the prompt keeps asking for the www-data user password!

This issue is complicated because the Turnkey appliances do NOT come with sudo installed, so I am not entirely sure I haven't missed some important step that was required after running apt-get install sudo.

Thanks for any help you can provide!

Brooks's picture

Mine do the EXACT same thing and it drives me crazy!!!

Jeremy Davis's picture

I know it seems obvious, but you didn't explicitly say that you did so that'd be my first guess. Also by default the www-data account is locked down and won't allow login. I am not sure but perhaps that applies to running as sudo as well?

Eric (tssgery)'s picture

Sorry, but I may be a little slow today. If you're logged in as www-data and run sudo, it will prompt you for www-data's password. I would probably set this up by configurting /etc/sudoers so that www-data does not need to supply a password to run specific commands (an example can be found here).

It might help if you posted the contents of your fatcontrollerd script.


Jeremy Davis's picture

Thanks Eric... I have been away and it didn't occur to me it should have been asking for the root password... Not www-data.

Excuse me everyone... tired head! :)

Brooks's picture

What's happening is that no matter who I'm logged on as, it will always ask me for a the same user's password (sadmin in my case, even if I'm logged in as bscharff).  My sudoers file is at the default it comes with, and I can't find "sadmin" or that account's uid in there anywhere.

Eric (tssgery)'s picture

The default sudoers file won't contain specific entries for sadmin. You can follow the link I posted to see how to configure sudo so that 'sadmin' does not need to provide a password.

I suspect that the commmand you are trying to execute via fatcontrollerd is attempting to elevate permissions to the sadmin and that's why you're being prompted. 


Brooks's picture

I know sadmin won't be in there, I'm saying he isn't and therefore I don't have any idea what the issue is.

No matter who I am logged in as, when I do sudo, it always asks me for sadmin's password (rather than the loggen-on user's).

Eric (tssgery)'s picture

Just to see if I understand...

When you run "sudo ls" while logged in as bscharff, it prompts you for sadmin's password?

If so, that is a very odd thing. I always add sudo to my TKL appliances as I deem it crucial but have never seen this issue.


Brooks's picture

That is exactly what's happening.  Sudo is at the default config.  And the only password that works at that prompt is sadmin's password

Eric (tssgery)'s picture

I thought I posted this but don't see it now.

I'll try to recreate it. What TKL appliance are you seeing this on?


Brooks's picture

The only one I actively use is LAMP stack.

Eric (tssgery)'s picture

I just deployed a lamp appliance (version 13.0) and then:

- "apt-get update"

- "apt-get install sudo"

- "adduser --home /home/eric --shell /bin/bash eric"

- logged out

- logged in as eric

- ran "sudo ls". I got an error that user 'eric' was not in the /etc/sudoers file, so I added it

- ran "sudo ls" again and all worked fine

 

I don't even have an sadmin user defined in my system. Did you install other software on your appliance that might have modified  the system?


Erley's picture

Hi, try append this line in your file /etc/sudoers

www-data ALL=NOPASSWD: /etc/init.d/fatcontrollerd

And test your application again.

Kangarooo's picture

It was not asking for www-data password but for user named root or some root user witch have root access and is root and maybe has different name. Maybe your root password or some other root user password.
Jeremy Davis's picture

This thread is pretty old now, so not sure if this is still an issue.

FWIW though, AFAIK that's the fundamental difference between su and sudo. su requires the root user password, whereas sudo requires the password of the user account which you run sudo as.

Post new comment