[SOLVED] Running a Script as root

[matt_thumper]

Hi,

I'd like to run my Apache start-up script under my own userid and not have to su over to root each time in order to run it.

But if I run the script as myself I get errors on the "/usr/local/apache2/bin/apachectl start" portion (which is the 'main' purpose of the script):
(13)Permission denied: make_sock: could not bind to address [::]:80
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs

I don't care to waste anymore time just now, or spend anymore energy just now trying to resolve *those* problems. The script works fine when I execute it logged in as root (su).

I've changed the permissions to 4777 so that *me* running the script that is executed *as root* should work:

ls -l apache_up.sh
-rwsrwxrwx. 1 matt matt 1114 Jul 22 16:42 apache_up.sh

But it still gives the above errors.
I thought changing the sticky bit would work.

How do I run this script myself and have it execute the "/usr/local/apache2/bin/apachectl start" command - so that I don't have to su each time?

TIA, Matt

[Rubberman]

I'm not 100% certain, but I think that apachectl is also a script, so setting the setuid bit (it's not a sticky bit - different thing) won't work for the binaries it starts.

[jselover]

Processes like Apache, mysql, named, etc. that require binding to a network port to work have to be started as root, since root is the only user that can bind to network ports. All these processes start as root, bind to net ports, then drop to their own user, and start running. The standard way to seamlessly start these processes as a regular user is to use sudo by adding the script or program to /etc/sudoers. Sudo can start your script as root, without asking for a password, so all subsequent commands are run as root as well. Avoid using 'ALL= NOPASSWD:' in /etc/sudoers, limit commands to as few uids as possible.

The suid way of starting programs as root is the old way, and it may work for you, but to work, I believe root must own the file, not yourself, as suid says allow users to run this command as if they are the owner of the file. The user running the program must a member of the group of the file, too. One more thing, there are file system and kernel settings that can prevent suid from working.

Good luck

[meton_magis]

Processes like Apache, mysql, named, etc. that require binding to a network port to work have to be started as root, since root is the only user that can bind to network ports. All these processes start as root, bind to net ports, then drop to their own user, and start running. The standard way to seamlessly start these processes as a regular user is to use sudo by adding the script or program to /etc/sudoers. Sudo can start your script as root, without asking for a password, so all subsequent commands are run as root as well. Avoid using 'ALL= NOPASSWD:' in /etc/sudoers, limit commands to as few uids as possible.

The suid way of starting programs as root is the old way, and it may work for you, but to work, I believe root must own the file, not yourself, as suid says allow users to run this command as if they are the owner of the file.

Good luck

just want to point out that you only need to be root to bind to ports <= 1024, everything above that is fair game for all users.

[matt_thumper]

Thanks for the responses.

The answers were provided by people from linux questions dot org:

sudo ./apache_up.sh

(after doing the appropriate sudo 'stuff')

and the resolution to having Apache come up at boot time:

put "/usr/local/apache2/bin/apachectl start" into /etc/rc.local

These worked.

Hope these two very simple and straight-forward answers will help some future Googler trying to bring up Apache at boot time and, on occasion, trying to bring it up as someone other than root.
My advice is just skip all the convuluted difficult stuff that you can *try* until the cows come home and just try what works.