Привет, написал скриптик для развертывания поддоменов , все это работает на apache2/nginx. Не знаю в чем магия, но на работе оно не работало, после правки правил sudoers , делал перенициацию через su - username. Пришел домой , зашел по ssh и оно заработало , но возник ряд других вопросов,( и да , я использую mod_vhost_alias , но при разворачивании битрикса это не прокатывает ). Подомены будут создаваться по скрипту автоматом для разработчиков , поэтому им надо урезать права. собственно вот скрипт create_domain.sh
#!/bin/sh
echo 'please set domain' && read set
if [ -f "/etc/nginx/sites-available/$set" ]
then echo 'this domain exists , please specify another domain and press key'
exit 1
else
#nginx domain create
echo "\n This is domain not exist. Domain was created"
sudo touch /etc/nginx/sites-available/$set &&
sudo sed "s/set/$set/g" /var/http/nginx/template_in > /var/http/nginx/template_out && echo "\n nginxi config domain create loading..." &&
sudo cat /var/http/nginx/template_out > /etc/nginx/sites-available/$set &&
sudo cat /var/http/nginx/template_out >> /etc/nginx/sites-available/apache2_sub &&
sudo ln -s /etc/nginx/sites-available/$set /etc/nginx/sites-enabled/ && echo "\n nginx domain was created"
#apache2 domain
sudo touch /etc/apache2/sites-available/$set &&
sudo sed "s/set/$set/g" /var/http/apache2/template_in > /var/http/apache2/template_out && echo "\n apache2 config domain create loading..." &&
sudo cat /var/http/apache2/template_out > /etc/apache2/sites-available/$set.conf &&
sudo ln -s /etc/apache2/sites-available/$set.conf /etc/apache2/sites-enabled/ && echo "\n apache2 domain was created"
fi
if [ -L "/etc/nginx/sites-enabled/$set" ] & [ -L "/etc/apache2/sites-enabled/$set.conf" ]
then echo "127.0.0.1 $set.dev" >> /etc/hosts
sudo mkdir -p /var/http/public/$set &&
sudo mkdir -p /var/log/apache2/dev/"$set"_ap /var/log/nginx/dev/"$set"_ng &&
sudo service apache2 reload && sudo service nginx reload && sudo service php7.0-fpm reload &&
echo "\n ngix / apache2 / php-fpm was reloaded \n Congratelations, you was created new domain"
else echo "\n WARNING WARNING WARNING \n You didn't create $set.dev in /etc/hosts file"
fi
Sudoers
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
#User_Alias DEVELOP = roma, sveta, pasha, julia
# Cmnd alias specification
#Cmd_Alias TOUCH = /bin/touch
#Cmd_Alias MKDIR = /bin/mkdir
# User privilege specification
roma ALL= NOPASSWD: /usr/sbin/service nginx reload, /usr/sbin/service apache2 reload, /usr/sbin/service php7.0-fpm reload,\
/bin/cat, /usr/bin/touch, /bin/sed,\
/var/http/create_domain.sh
root ALL=(ALL:ALL) ALL
sveta ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d [/cut]
собственно скрипт не выполняется от рута под обычным пользователем, почему?
sveta@dev-test1:~$ echo '11' >> /etc/hosts
-bash: /etc/hosts: Отказано в доступе
sveta@dev-test1:/var/http$ sed s/127.0.0.1/'__|__'/g /etc/hosts
__|__ localhost test1.com
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
__|__ :q.dev
__|__ visit.dev
__|__ bit.dev
__|__ bvc.dev
__|__ gfh.dev
__|__ xzc.dev
__|__ tyy.dev
__|__ mmm.dev
__|__ visit.dev
__|__ fjdfsdfsfds.dev
sveta@dev-test1:/var/http$ sudo sed s/127.0.0.1/'__|__'/g /etc/hosts >> /etc/hosts
-bash: /etc/hosts: Отказано в доступе
sveta@dev-test1:/var/http$ sudo cat ./nginx/template_out >> /etc/nginx/sites-available/test2
-bash: /etc/nginx/sites-available/test2: Отказано в доступе
sveta@dev-test1:/var/http$ sudo ./create_domain.sh
[sudo] пароль для sveta:
please set domain
nesrabotaet
This is domain not exist. Domain was created
nginxi config domain create loading...
nginx domain was created
apache2 config domain create loading...
apache2 domain was created
ngix / apache2 / php-fpm was reloaded
Congratelations, you was created new domain
Хм, сработало, но почему он обычные команды вне скрипта не может выполнить?
С Ромой тоже сработало ,магия !!!
Ладно тогда, если убрать скрипт из под sudoers и загнать команды под рамки ( у меня ничего не работает :( )
sudoers
# User privilege specification
roma ALL= NOPASSWD: /usr/sbin/service nginx reload, /usr/sbin/service apache2 reload, /usr/sbin/service php7.0-fpm reload,\
/usr/bin/touch /etc/nginx/sites-*, /usr/bin/touch /etc/apache2/sites-*,\
/bin/sed s/set/*/g /var/http/nginx/* > /etc/nginx/sites-*, /bin/sed s/set/*/g /var/http/apache2/* > /etc/apache2/sites-*,\
/bin/sed * /etc/hosts > /var/http/*,\
/bin/cat /var/http/nginx/* > /etc/nginx/sites-*,\
/bin/cat /var/http/apache2/* > /etc/apache2/sites-*, /bin/cat /var/http/nginx/* >> /etc/nginx/sites-av*/apache2_sub
root ALL=(ALL:ALL) ALL
sveta ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
не получается
roma@dev-test1:/var/http$ ./create_domain.sh
please set domain
its
This is domain not exist. Domain was created
[sudo] пароль для roma:
Пользователю roma запрещено выполнять '/bin/sed s/set/its/g /var/http/nginx/template_in' с правами root на dev-test1.
[sudo] пароль для roma:
Пользователю roma запрещено выполнять '/bin/sed s/set/its/g /var/http/apache2/template_in' с правами root на dev-test1.
WARNING WARNING WARNING
You didn't create its.dev in /etc/hosts file
Пробовал
/bin/sed 's/set/*/g /var/http/nginx/* > /etc/nginx/sites-*'
и
/bin/sed "s/set/*/g /var/http/nginx/* > /etc/nginx/sites-*"
и
/bin/sed `s/set/*/g /var/http/nginx/* > /etc/nginx/sites-*`
и
/bin/sed 's/set/*/g /var/http/nginx/*' > '/etc/nginx/sites-*'
и
/bin/sed "s/set/*/g /var/http/nginx/*" > "/etc/nginx/sites-*"
И
/bin/sed `s/set/*/g /var/http/nginx/*` > `/etc/nginx/sites-*`
все без толку :(
