Celeb Glow
updates | March 21, 2026

Write Nginx Config as Unprivileged User

I have a deployment script that gets executed by an unprivileged deploy user. To fully automate things, though, I have to write a web server configuration file to /etc/nginx/sites-available and symlink it in /etc/nginx/sites-enabled.

I'd rather not change ownership or permissions for this particular directory so I've been trying to figure out a way to do this with password-less sudo access. Since I'm here, I guess it's pretty clear that I haven't had any luck.

Is there any way to update my sudoers file such that the deploy user can write new files to those directories?

1 Answer

You can try writing a NOPASSWD rule like so:

deploy ALL = (root) NOPASSWD: /bin/cp -t /etc/nginx/sites-available *, /bin/ln -s /etc/nginx/sites-available/* /etc/nginx/sites-enabled

Then the deploy user would directly copy to the sites-available folder, after creating the configuration elsewhere, then create the link (without a target name being specified).

This might have loopholes too.

Or you could write a script that manages all this, and have a single NOPASSWD rule with only that script.

6
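
A sketch of the single-script approach suggested in the answer above, as an added example (not code from the answer). The script path /usr/local/sbin/nginx-site-install and the function names are hypothetical. It goes slightly beyond the answer by taking the config on stdin, so the file is opened with the deploy user's privileges and root never follows a path chosen by that user.

```shell
#!/bin/sh
# Hypothetical wrapper: /usr/local/sbin/nginx-site-install (root:root, mode 0755).
# sudoers entry (edit with visudo), replacing the wildcard cp/ln rules:
#   deploy ALL = (root) NOPASSWD: /usr/local/sbin/nginx-site-install
# Usage as deploy:
#   sudo /usr/local/sbin/nginx-site-install example.com < ./example.com.conf
set -u
umask 022
AVAILABLE=/etc/nginx/sites-available
ENABLED=/etc/nginx/sites-enabled

# Accept only plain file names: no slash, no leading dot or dash, no odd bytes.
valid_site_name() {
    case "$1" in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# install_site NAME AVAILABLE_DIR ENABLED_DIR   (config content arrives on stdin)
install_site() {
    name=$1; available=$2; enabled=$3
    valid_site_name "$name" || { echo "invalid site name" >&2; return 2; }
    # Write to a temp file in the target directory, then rename into place.
    tmp=$(mktemp "$available/.$name.XXXXXX") || return 3
    cat > "$tmp" && chmod 0644 "$tmp" && mv -f -- "$tmp" "$available/$name" \
        || { rm -f -- "$tmp"; return 4; }
    # -n: replace an existing link instead of descending into its target.
    ln -sfn -- "$available/$name" "$enabled/$name" || return 5
}

main() {
    [ "$#" -eq 1 ] || { echo "usage: $0 SITE < config" >&2; return 64; }
    install_site "$1" "$AVAILABLE" "$ENABLED" || return $?
    # Reload only if the full configuration parses; the running server keeps
    # its old config otherwise, and the rejected file still needs fixing.
    nginx -t || { echo "nginx -t failed, not reloading" >&2; return 6; }
    nginx -s reload
}

# Run only when called with arguments, so the functions can be sourced and tested.
[ "$#" -eq 0 ] || main "$@"
```

The script must not be writable by the deploy user. Anyone who can run it still controls the content of an nginx site file, so the rule limits where root writes, not what nginx is told to serve.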
