I created a script file for killing aolserver containing the following:
#!/bin/bash
SERVER="server1"
PIDFILE="/tmp/aolserver/log/nspid.$SERVER";
PID=`cat $PIDFILE`;
rm -f $PIDFILE
/usr/bin/kill -9 $PID
Permissions were set to 750 and ownership cams.web:
-rwxr-x--- 1 cams web 138 Dec 14 00:32 kill-aolserver
I added the following line to /etc/sudoers:
# anyone in the web group:
%web localhost = (cams) /tmp/aolserver/bin/kill-aolserver
# or just tom:
tom localhost = (cams) /tmp/aolserver/bin/kill-aolserver
Now users in the 'web' group can restart this instance of AOLserver with the command:
$sudo -u cams /tmp/aolserver/bin/kill-aolserver
Is it more secure to run sudo and have it run the kill script as the AOLserver process owner? Note that I have changed the file contents, command line arguments are not used, so if several servers were running, separate files would be needed, probably something like 'restart-server1', etc. In addition, the cams user does not have a login shell.
Would it add anything to put each server in its own group and place the pid file in a different directory?
