-
-
Save sheharyarn/f3d98e8cc859f092532b to your computer and use it in GitHub Desktop.
| # Enter this command to create a sudoers override/include file: | |
| # sudo visudo -f /etc/sudoers.d/nginx.overrides | |
| # (Make sure you actually have this in your /etc/sudoers - Run `sudo visudo` to check) | |
| # #includedir /etc/sudoers.d | |
| # This file assumes your deployment user is `deploy` | |
| # Nginx Commands | |
| Cmnd_Alias NGINX_RESTART = /usr/sbin/service nginx restart | |
| Cmnd_Alias NGINX_RELOAD = /usr/sbin/service nginx reload | |
| # No-Password Commands | |
| deploy ALL=NOPASSWD: NGINX_RESTART, NGINX_RELOAD |
Note that, at least on my system (Ubuntu 16.04), this filename cannot contain a . character!! From the sudoers manual:
sudo will read each file in /etc/sudoers.d, skipping file names that end in ‘~’ or contain a ‘.’ character
In other words, you can instead run a command such as sudo visudo -f /etc/sudoers.d/nginx_overrides to generate this file.
In addition, here is a more generic version of the file that you may wish to use instead:
deploy ALL=(ALL:ALL) NOPASSWD: /usr/sbin/service nginx *
It never said how to run this.
I spent 1 hour to understand that you need explicitly specify sudo command even if you added user to sudoers.
/usr/sbin/service nginx reload => will prompt to enter password
sudo /usr/sbin/service nginx reload => will reload nginx without any password prompt
this should be run only after nginx overrides file created.
It's the best configuration, it took me a little while to find something that works, but that's exactly what I needed. Thank you very much, and thank you also for the capistrano task ;-)
For rails apps with Capistrano, you can use these Nginx Tasks with this file.