Reload Apache Using ACME User

Patrick Bucher

11/28/22, 6:23 PM

I run a web server on Debian 10 (Buster) and Apache 2.4.38. I created a special user acme that runs scripts for renewing TLS certificates.

$ cat /etc/passwd | grep ^acme
acme:x:1002:1002::/var/acme:/usr/bin/nologin
$ cat /etc/group | grep ^acme
acme:x:1002:

This acme user should be allowed to reload the Apache 2 configuration after the certificates were renewed. So I added this line to my /etc/sudoers using visudo(8):

%acme   ALL=(root) NOPASSWD: /etc/init.d/apache2 reload

Unfortunately, this doesn't work:

$ sudo -u acme /etc/init.d/apache2 reload
[....] Reloading apache2 configuration (via systemctl): apache2.serviceFailed to reload apache2.service: Access denied                                                                                                                  
See system logs and 'systemctl status apache2.service' for details.                                                                                                                                                                     
 failed!

Have I missed something?

1 + 0

sudo

apache2

debian-buster

Score:1

Server

Gerald Schneider

11/28/22, 6:49 PM

You need to BE the user acme when you run sudo, not with -u acme.

acme@host:~ $ sudo /etc/init.d/apache2 reload

Another possible issue:

The % in your sudoers file denotes that acme is a group. This is not an issue when your user is in a group called acme, but it is if he is not.

0 + 1

Patrick Bucher

11/28/22, 7:43 PM

OK, I got it, since the whole process will be started as `acme`, I can use `sudo` instead of `sudo -u acme` in my script. That works!

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Reload Apache Using ACME User

TH: โหลด Apache ใหม่โดยใช้ผู้ใช้ ACME

RO: Reîncărcați Apache utilizând utilizatorul ACME

RU: Перезагрузите Apache с помощью пользователя ACME

VI: Tải lại Apache bằng người dùng ACME

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.