run 'service php5-fpm restart' without using sudo

Question

I am integrating my cakephp projects using jenkins.

Right now, I am exploring the use of Phing. There is one task where I need to run

service php5-fpm restart

So far I tried to do this manually. I cannot do so unless i do it with sudo

Please advise how I can execute this command without using sudo at all?

I know there is an option where I can simply put the user that Phing is using inside sudoers and then not prompt for password, but for security reasons, that is not ideal. So I prefer to ask how to do this without getting prompted for password.

Answer 1

The last paragraph of your question is misleading, at least for me. If your goal is to find a way to invoke service as user Phing without getting asked for a passphrase I would do it with sudo. I will try to answer you question as I understand it, since I don't grasp what speak against the use of sudo in your case.

---

Just add the line

Defaults        exempt_group=Phing

to /etc/sudoers. This line adds the user Phing to a group on which sudo doesn't lay down path and password requirements.

Further you have to add the line

Phing ALL=(root) /full/path/to/service

or alter an existing line of Phing, so that sudo grants him access to service.

After that

sudo service php5-fpm restart

shouldn't ask Phing for a passphrase any longer.

If you want it a bit more strict you can instead add the line

Phing ALL=(root) NOPASSWD: /full/path/to/service

without using exempt_group. Then you have to give sudo the full path of service (if it's not located in the standard paths), so command spoofing isn't possible.

If you want to save some typing, you can also alias sudo service or sudo /full/path/to/service in your shell with service.