sudoers syntax to run shell script as php user?

Question

I want to run

a shell script restore
as postgres user
from php script (the user name is php)
using sudo (so password is not required)

the script will have few lines of code, something like

dropdb <database name>
psql -c "create database <database name> with encoding 'unicode';" -U edutemplate1
psql -d <database name> -f edu.hourly.sql

what would be the sudo command syntax to run the script restore
what would be the sudoers syntax to allow php user to run restore script as postgres user?
Sudo version 1.7.2p7
Linux testing 2.6.34-12-desktop #1 SMP PREEMPT 2010-06-29 02:39:08 +0200 x86_64 x86_64 x86_64 GNU/Linux

UPDATE

the first part of the question was already answered on SO sudoers-syntax-to-run-shell-script-as-php-user

UPDATE2

I added php ALL=(postgres) NOPASSWD: /usr/bin/id to /etc/sudoers and then did su php and then sudo -su postgres /usr/bin/id but I am asked for postgres' password. If I issue the same sudo command under the user root I will get correct output 'uid=26(postgres) gid=26(postgres) groups=26(postgres)'

UPDATE3

updating sudoers to php ALL=(postgres) NOPASSWD: ALL makes it work ...

score 2 · Accepted Answer · edited Apr 13 '17 at 12:14

2

See also this answer for a similar scenario.

This goes in /etc/sudoers:

php ALL=(postgres) NOPASSWD: /the/restore/script

And you make php issue a command like this: sudo -u postgres /the/restore/script

edited Apr 13 '17 at 12:14

Community

1

answered Mar 28 '11 at 08:42

MattBianco

617

score 0 · Answer 2 · answered Mar 28 '11 at 05:11

You can do it from root "su $USERNAME -c "command"" anyway you can do it VIA sudo as well, if You can please describe what You wanna do exactly? For example from which user? is it require password? (you can define it in /etc/sudoers) By "php user" You mean www-data, or nobody or other user?

sudoers syntax to run shell script as php user?

UPDATE

UPDATE2

UPDATE3

2 Answers2