Allow users to reload PHP FPM without Sudo

Asked 10/4, 2017 at 18:56 Answered 28/9, 2023 at 21:55

On our development servers, we allow multiple developers access to the server to git pull their changes. Normally this requires running sudo systemctl reload php-fpm (or sending USR2, etc.). However, we want to allow them to reload the changed code in PHP-FPM without needing sudo.

Way back when when I used to use Ruby, you could do exactly what I'm looking for by touching a file named restart.txt in the tmp directory.

Does PHP-FPM support anything like that? Alternatively, is there anyway to allow the reload command (or any similar method of sending a USR2) without sudo?

Kerriekerrigan answered 10/4, 2017 at 18:56 Comment(3)

Why do you need to restart/reload php-fpm after git pull? – Godesberg 10/4, 2017 at 21:21

You can achieve the same thing you have with ruby. I still have NO CLUE why you're reloading the FPM after git pull, it's not needed, your changes to php files will be executed regardless. But, to avoid further discussion: superuser.com/questions/181517/… - there, adjust to suit your needs. – Godesberg 10/4, 2017 at 21:33

@Godesberg Because we turn off opcache.validate_timestamps for performance testing and benchmarking (and in production, though that's not relevant for this question), and the easiest way to clear the OpCache is with a reload. – Kerriekerrigan 12/5, 2017 at 17:42

You'll probably be there when whitelisting the command in your /etc/sudoers file:

Start by editing the sudoers file:

sudo visudo

Add the following config line:

user ALL=(root) NOPASSWD: systemctl reload php-fpm

Replace user (at the beginning of the line) with the real username, for whom the command is executed.

This will privilege the user to call sudo systemctl reload php-fpm being executed as root (without password).

Israelite answered 10/4, 2017 at 19:31 Comment(3)

Note ALWAYS use visudo when editing the sudoers file, and the first user needs to be an actual username. – Aldershot 16/3, 2018 at 23:11

Note, you have to run the command with sudo in front of it. Login as user su user then: sudo systemctl reload php-fpm – Frey 18/4, 2018 at 9:19

Spent some time on it, visudo was saying invalid format, until I put user ALL=(root) NOPASSWD: /bin/systemctl reload php-fpm full path to executable command. Then it worked. Debian 9 – Ivett 22/1, 2019 at 7:50

Or one can use:

user ALL=(ALL) NOPASSWD: /usr/sbin/service php7.3-fpm *

Where 7.3 might change depending on the php version you have and user is your user.

Gavingavini answered 4/9, 2019 at 17:6 Comment(0)

For beginners/googlers like me. All steps to restart or reload a service (edit where necessary)

install if not already yum install sudo
run visudo this is how to edit it
insert this myUsername ALL=NOPASSWD: /bin/systemctl restart httpd.service (apache restart in my case, change to reload php-fpm if needed. above ans didn't work for some reason)
now myUsername can run something like sudo /bin/systemctl restart httpd.service note sudo

Archdeaconry answered 28/9, 2023 at 21:55 Comment(0)

Recommended topics

Hot tags