I have a script running under a non-root user which, under certain conditions, should restart apache httpd.

What would be the simplest way for me to allow the user to do that?

I'm using Ubuntu Server 8.04 LTS.

  • 1,869
  • 5
  • 22
  • 33

3 Answers3


Short answer:

Using visudo, add the following to your sudoers file, replacing username with the proper username:

username ALL = /etc/init.d/apache2 

If you want to not have to type in a password before you do this, use the following:

username ALL = NOPASSWD: /etc/init.d/apache2 

After this, the 'username' user can execute sudo /etc/init.d/apache2 start (or stop, restart,etc)

Long answer: You'll likely want to setup a separate user for this if you haven't already, and then configure the /etc/sudoers file to allow a user or group to execute the command you want.

For example, to allow the user 'ben' to execute all commands as root prompting for a password, you would do the following:

ben ALL= ALL

To allow 'ben' to execute only one command (like say, rm), you would do the following:

ben ALL= /bin/rm 

If you are running a script as a user and don't want to prompt for a password, you'll want to use the 'NOPASSWD' option like so:

ben ALL=NOPASSWD: /bin/commandname options

You can do the same thing for groups by prefixing group names with a percentage sign, like so:

%supportstaff          ALL= NOPASSWD: /bin/commandname 
  • 79,770
  • 20
  • 184
  • 232
  • 1,618
  • 10
  • 9
  • 4
    Can `username` be restricted to a subset of parameters? Say `start` `restart` but not `stop`? – ThorSummoner Oct 12 '15 at 22:18
  • the `visudo` command does safety checks on your edits so you don't break the `sudo`/`su` command by accident: http://unix.stackexchange.com/a/27595/61349 – ThorSummoner Oct 12 '15 at 23:06

Short answer: sudo.

The call would look similar to the following: sudo /etc/init.d/apache2 restart

Easiest is to use visudo to set up the /etc/sudoers file. See man sudoers and man visudo for details.

Zayne S Halsall
  • 1,982
  • 15
  • 19
  • 1
    OP said about doing it through a script- the script won't be able to enter a password so this answer won't make any sense. – Matt Fletcher Dec 12 '14 at 12:57
  • @MattFletcher unless you use [NOPASSWD](http://www.ducea.com/2006/06/18/linux-tips-password-usage-in-sudo-passwd-nopasswd/) – Robin Kanters Jul 27 '17 at 12:31

You can also accomplish this by writing a wrapper to apache2ctl, assigning group ownership to a web administration group and setting the suid bit. This is a less general solution than visudo, but allows custom limitations on user abilities and error checking.

I wrote this tool for my own needs and have shared it on github: https://github.com/josiahjohnston/ltd_apache2ctl