python bash cgi sudo sudoers

Executing root-required script from non-root user


I'm using the Apache CGI mod to allow execution of python scripts via HTTP(S) request. The problem is that the script I want to be executed, backup.py, at one point executes a subprocess call where a mysqldump command is being piped into sudo -i. The problem is that the CGI "user", www-data, doesn't have root access, and I certainly don't want to give it that in general, just for this specific task. How can I allow www-data to perform only a mysqldump command only under sudo -i?


Solution

  • One way of elevating the permissions for a specific script is to use the sudoers file.

    Create a file containing the script you want to execute with root permissions, let's say at /path/to/script.sh.

    Then, edit the sudoers file with sudo visudo, and add the following line:

    www-data ALL = (root) NOPASSWD: /path/to/script.sh
    

    where the usernames and the path are set as appropriate.
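
A NOPASSWD rule like the one above is only as safe as the script it names: if www-data can write to the script or its directory, it can run anything as root. The following is an added example, not part of the original answer, showing how backup.py could verify that before calling sudo; the function names are hypothetical and `/path/to/script.sh` is the answer's placeholder.

```python
import os
import stat
import subprocess

# Same placeholder path as in the sudoers line. Appending "" after the
# command in sudoers restricts the rule to calls with no arguments.
WRAPPER = "/path/to/script.sh"


def wrapper_problems(path, trusted_uid=0):
    """Return reasons why `path` is unsafe as a NOPASSWD sudo target."""
    if not os.path.isabs(path):
        return ["path is not absolute, so it cannot match the sudoers entry"]
    problems = []
    # Check the script and its directory: a caller who can write to either
    # can replace the code that sudo will run as root.
    for label, target in (("script", path), ("directory", os.path.dirname(path))):
        try:
            st = os.lstat(target)  # lstat: do not follow a symlink
        except OSError as exc:
            problems.append(f"{label}: {exc.strerror}")
            continue
        if stat.S_ISLNK(st.st_mode):
            problems.append(f"{label} is a symlink")
        if st.st_uid != trusted_uid:
            problems.append(f"{label} is owned by uid {st.st_uid}, not {trusted_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{label} is group- or world-writable")
    return problems


def run_backup(path=WRAPPER):
    """Run the wrapper through sudo from the CGI script, without a shell."""
    problems = wrapper_problems(path)
    if problems:
        raise PermissionError("; ".join(problems))
    # Argument list, no shell, no request data: the script takes no input.
    # -n makes sudo fail instead of prompting if the rule does not match.
    return subprocess.run(["sudo", "-n", path], check=True,
                          capture_output=True, timeout=600)
```

The check covers only the script and its immediate directory; directories higher up the path need the same ownership and mode.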