I was working on a web page that shows the status of a few different servers and was looking for a method to allow some servers/services to be managed from the web page without giving access to anything unnecessary. I accomplished this by giving the web server permissions to run some specific sudo commands via the sudoers file.
(The sudoers file is where you allow a user to run stuff with the sudo command. It should always be edited with "sudo visudo".)
Here is what I came up with:
This will allow logged in user Username to run a command like "sudo /usr/sbin/service ServiceName stop" on the host HOSTNAME without entering a password. The * will allow anything to be added like start or stop.
There are some nice examples on how to use the sudoers files on sudo's homepage @ sudo.ws
