Allow users to reload PHP FPM without Sudo

Question

On our development servers, we allow multiple developers access to the server to git pull their changes. Normally this requires running sudo systemctl reload php-fpm (or sending USR2, etc.). However, we want to allow them to reload the changed code in PHP-FPM without needing sudo.

Way back when when I used to use Ruby, you could do exactly what I'm looking for by touching a file named restart.txt in the tmp directory.

Does PHP-FPM support anything like that? Alternatively, is there anyway to allow the reload command (or any similar method of sending a USR2) without sudo?

Answer 1

For beginners/googlers like me. All steps to restart or reload a service (edit where necessary)

1. install if not already yum install sudo
2. run visudo this is how to edit it
3. insert this myUsername ALL=NOPASSWD: /bin/systemctl restart httpd.service (apache restart in my case, change to reload php-fpm if needed. above ans didn't work for some reason)
4. now myUsername can run something like sudo /bin/systemctl restart httpd.service note sudo

Answer 2

Or one can use:

user ALL=(ALL) NOPASSWD: /usr/sbin/service php7.3-fpm *

Where 7.3 might change depending on the php version you have and user is your user.

Answer 3

You'll probably be there when whitelisting the command in your /etc/sudoers file:

Start by editing the sudoers file:

sudo visudo

Add the following config line:

user ALL=(root) NOPASSWD: systemctl reload php-fpm

Replace user (at the beginning of the line) with the real username, for whom the command is executed.

This will privilege the user to call sudo systemctl reload php-fpm being executed as root (without password).