CENTOS apache ALL=(root) NOPASSWD: /path/to/shell.sh is not working

alvan asked:

Trying to do a web interface IPtables management.

Created a file test.php

$output = shell_exec('sudo bash /usr/bin/iptables.sh 2>&1');
echo $output;

Gave /usr/bin/iptables.sh NOPASSWD so I can execute the file with sudo through apache without using a password

sudo iptables -L

sudoers file :

apache ALL=(root) NOPASSWD: /usr/bin/iptables.sh

But I am still getting error

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things: #1)
Respect the privacy of others. #2) Think before you type. #3) With
great power comes great responsibility. sudo: a terminal is required
to read the password; either use the -S option to read from standard
input or configure an askpass helper{"mode":"full","isActive":false}

However, if I use

apache ALL=(root) NOPASSWD: ALL

Everything works fine.

I double-checked my directory and I used the exact path

[[email protected] bin]# readlink -f iptables.sh
/usr/bin/iptables.sh

Super clueless here, can anyone help me with a direction? :'(

My answer:


The command you call with sudo must match what is in the sudoers file, but in your case they do not match.

You tried to run bash /usr/bin/iptables.sh, but sudoers only allows you to run /usr/bin/iptables.sh.


View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.