I'm pretty new to the deployment world but this is what's going on. I have a new Ubuntu (Ubuntu 16.04.4 LTS) droplet from DigitalOcean. I installed and configured nginx and everything is working smooth. I turn it on and off with: service nginx start
/service nginx stop
but I need to be able to do this with a different user called pepito
.
When I try to run service nginx start
with pepito
I get:
~# service nginx restart
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to restart 'nginx.service'.
Authenticating as: pepito
Password:
But I'm going to be running this from Capistrano so I don't want to be asked to enter the password, so I added this to visudo
like this:
pepito ALL=(ALL) NOPASSWD: /usr/sbin/service nginx*
Tried again and same problem. Keep googling and reading and find out that ==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
is a message from Polkit
so I read a little about it and created the following file in: /etc/polkit-1/localauthority/50-local.d/nginx.pkla
Identity=unix-user:pepito
Action=org.freedesktop.systemd1.manage-units
ResultInactive=yes
ResultActive=yes
Of course it doesn't work when I try to start and stop nginx from pepito
. I don't know what else to try!
Best Answer
With the
visudo
command you edited the file/etc/sudoers
, which only applies if you prefix your commands withsudo
, in your casesudo service nginx start
.