There's no need to type your password when you restart Apache, really...

August 14, 2010 By: admin

When you're developing with PHP on a mac, if you're not using MAMP, you'll often end up having to do a lot of manual restarts when you make changes to how you've set up Apache (assuming you haven't joined all the cool kids and moved onto Nginx yet...). This usually involves calling up a terminal window and typing in the usual Apache restart command on OS X:

  sudo apachectl restart

This isn't a really destructive command, and having to type in your admin password every time when doing this in development on your own computer gets old quickly. It's also error prone. Surely there's a better way?

Fortunately, when browsing the Aegir OS X install documentation, I came across as handy fix to this problem. The Aegir hackers let Aegir handle server restarts in a fairly elegant fashion, by tweaking the sudoers file on your mac, which is basically a short list of who is allowed to do what on your machine. I've borrowed a few tricks, and adaprted them to use in my sudoers file here, and after showing it in full, I'll explain how it works.

Bear in mind, you can't edit the sudoers file directly - you need to use the visudo command, (this works as a precaution to stop this file getting screwed up by letting more than one person is edit it at a time for example).

Also, to make things more complex, you need to edit this inside the terminal, to you may need to force this by typing EDITOR='vim' first

Okay, now that's out the way, lets look at that file:

  # Run as alias specification

  # User privilege specification
  root    ALL=(ALL) ALL
  %admin  ALL=(ALL) ALL

  # Uncomment to allow people in group wheel to run all commands
  # %wheel        ALL=(ALL) ALL

  # Same thing without a password
  # %wheel        ALL=(ALL) NOPASSWD: ALL
  %staff          ALL=(ALL) NOPASSWD: /usr/sbin/apachectl
  # Samples
  # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
  # %users  localhost=/sbin/shutdown -h now

Lets look at the first lines, with root and %wheel. If you're even bothering to read this, the chances are you know that root refers to the all powerful user that can do anything on a system, but you may not be familiar with the percent prefix on %admin nor the ALL=(ALL) ALL. The %admin basically means 'anyone in the admin group, but the ALL=(ALL) ALL is somewhat more cryptic. The rough translation goes like this though:

from ALL terminals, let these users run ALL commands and as ALL of the users in the system.

We see the same trick visible again with the %wheel group, but the line starting with %staff deserves more attention:

  %staff          ALL=(ALL) NOPASSWD: /usr/sbin/apachectl

Translated, this means:

for ALL members in the staff group, let them use ALL terminals, to run the command /usr/sbin/apachectl as ALL users (in particular, the root user) without needing a password (that's the NOPASSWD: bit).

This is the line that lets us run the familiar sudo apachectl restart without needing to constantly type our password credentials in.

Which over the course of a year, will easily save you tons of typing over the year, and leave some time to skim the sudoers man page, and suggest a similar trick here for others to try.

Over to you now...


Copyright © 2020 Chris Adams
Powered by Cryogen
Theme by KingMob