http://qs1969.pair.com?node_id=139875


in reply to Re: Re: Re: Re: Executing Root Commands from user level
in thread Executing Root Commands from user level

Ok, I've seen versions of sudo (maybe thrown together for a specific system) that lack the fine grained control that the modern versions of sudo appear to have, and that turned me off to the use of sudo in favor of other fine-grained solutions.

But you and I both have the same message: security (in general, and in this case) means to only allow specific cases to be accepted, instead of denying general cases, as it's more likely to find a hole in those general cases that will break your security than in the former case. So if the original poster does use sudo, make sure to set up the sudo table as arhuman as indicated to make sure only those that need to restart apache have the ability to do so , and only that ability. And this would require no extra special script or the like, just the line that is above in the sudo configuration file.

-----------------------------------------------------
Dr. Michael K. Neylon - mneylon-pm@masemware.com || "You've left the lens cap of your mind on again, Pinky" - The Brain
"I can see my house from here!"
It's not what you know, but knowing how to find it if you don't know that's important