Knowledgebase
Allowing a non-privileged User the ability to execute a root level command
Part of the design of DirectAdmin is to automate root level tasks, while not allowing Users affect things that they should not.
There might be some cases where you want to allow Users to run something as root, but without giving them root access.
In this example, we'll say we want to let User restart proftpd on command.
The action done can really be anything, but this outlines the basics of how it works.
Obviously, you'd need to pick a command that you don't mind them running, possibly more often than you're expecting.
The way we'll accomplish this will be to have a root cronjob scanning for files that the User can create, eg:
1) Create a script at:
2) Then create a cron to run as root every minute which calls it:
3) Now anytime a User wants to restart proftpd, they can simply create the file /home/username/restart_proftpd, and within 1 minute, the cronjob will find their file, and tell the task.queue to restart proftpd.
It might take up to 2 full minutes for proftpd to get restarted, as the dataskq would need to find the task.queue in the same manner. If this is too long, the echo task.queue commmand could be replaced with a more direct /etc/init.d/proftpd restart command, just be careful of possible piping issues.
There might be some cases where you want to allow Users to run something as root, but without giving them root access.
In this example, we'll say we want to let User restart proftpd on command.
The action done can really be anything, but this outlines the basics of how it works.
Obviously, you'd need to pick a command that you don't mind them running, possibly more often than you're expecting.
The way we'll accomplish this will be to have a root cronjob scanning for files that the User can create, eg:
/home/username/
1) Create a script at:
/root/check_proftpd_restart.sh
and in it put the code:#!/bin/sh
COUNT=`ls /home/*/restart_proftpd 2>/dev/null | grep -c restart_proftpd`
if [ "$COUNT" -gt 0 ]; then
echo "Restarting proftpd, triggered by ";
ls /home/*/restart_proftpd
echo "action=proftpd&value=restart" >> /usr/local/directadmin/data/task.queue
rm -f /home/*/restart_proftpd
fi
exit 0;
2) Then create a cron to run as root every minute which calls it:
echo '* * * * * root /root/check_proftpd_restart.sh' > /etc/cron.d/check_proftpd
chmod 600 /etc/cron.d/check_proftpd
/etc/init.d/crond restart
3) Now anytime a User wants to restart proftpd, they can simply create the file /home/username/restart_proftpd, and within 1 minute, the cronjob will find their file, and tell the task.queue to restart proftpd.
It might take up to 2 full minutes for proftpd to get restarted, as the dataskq would need to find the task.queue in the same manner. If this is too long, the echo task.queue commmand could be replaced with a more direct /etc/init.d/proftpd restart command, just be careful of possible piping issues.