0

I want to modify sudoers so that users in the group www-data can switch to the user www-data without a password. I know it is possible, but I don't want to break my system. Here's what I have so far:

%www-data: ALL=NOPASSWD: /usr/bin/sudo -u www-data

But I am not sure this will work. My purpose in doing this is to let the permissions in /var/www/ remain 755 and yet allow the group to make changes. Otherwise Drupal and other CMS systems send out warnings.

muru
  • 197,895
  • 55
  • 485
  • 740

1 Answers1

0

The rule should actually be:

%www-data ALL = (www-data) NOPASSWD: *

The specification in the brackets (Runas in sudoers) is to specify the target user (and/or group) (the one you specify using -u).

That said, what you should actually be doing is setting correct permissions, including the setgid bit. How to avoid using sudo when working in /var/www?

muru
  • 197,895
  • 55
  • 485
  • 740