User web is not allowed to execute '/usr/sbin/service php7.3-fpm reload

juanmaguitar · August 11, 2019, 4:01pm

Hi everyone!

I’m getting this error when I deploy my site to my droplet in Digital Ocean

TASK [deploy : Reload php-fpm] ***************************************************************************************************
System info:
  Ansible 2.7.0; Darwin
  Trellis Head
---------------------------------------------------
non-zero return code
Sorry, user web is not allowed to execute '/usr/sbin/service php7.3-fpm
reload' as root on droplet-juanmaguitar.com-2019.
fatal: [juanmaguitar.com]: FAILED! => {"changed": true, "cmd": "sudo service php7.3-fpm reload", "delta": "0:00:00.011859", "end": "2019-08-11 15:44:08.557927", "rc": 1, "start": "2019-08-11 15:44:08.546068", "stderr_lines": ["Sorry, user web is not allowed to execute '/usr/sbin/service php7.3-fpm reload' as root on droplet-juanmaguitar.com-2019."], "stdout": "", "stdout_lines": []}
	to retry, use: --limit @/Users/juanma/PROJECTS/2019/WORDPRESS/juanmaguitar.com-2019/trellis/deploy.retry

PLAY RECAP ***********************************************************************************************************************
juanmaguitar.com           : ok=28   changed=12   unreachable=0    failed=1
localhost                  : ok=0    changed=0    unreachable=0    failed=0

The site is being updated properly so it’s not a critical error for me… for now

I’ve checked some other threads regarding this and I only have one instance of php-fpm running in my server and it seems to be running properly

root@droplet-juanmaguitar:~# sudo service --status-all
 [ - ]  acpid
 [ + ]  apparmor
 [ + ]  apport
 [ + ]  atd
 [ - ]  console-setup.sh
 [ + ]  cron
 [ - ]  cryptdisks
 [ - ]  cryptdisks-early
 [ + ]  dbus
 [ + ]  ebtables
 [ + ]  fail2ban
 [ + ]  ferm
 [ + ]  grub-common
 [ - ]  hwclock.sh
 [ + ]  irqbalance
 [ + ]  iscsid
 [ - ]  keyboard-setup.sh
 [ + ]  kmod
 [ - ]  lvm2
 [ + ]  lvm2-lvmetad
 [ + ]  lvm2-lvmpolld
 [ + ]  lxcfs
 [ - ]  lxd
 [ - ]  mdadm
 [ - ]  mdadm-waitidle
 [ + ]  memcached
 [ + ]  mysql
 [ + ]  nginx
 [ + ]  ntp
 [ - ]  open-iscsi
 [ - ]  open-vm-tools
 [ + ]  php7.3-fpm
 [ - ]  plymouth
 [ - ]  plymouth-log
 [ + ]  procps
 [ - ]  rsync
 [ + ]  rsyslog
 [ - ]  screen-cleanup
 [ + ]  ssh
 [ + ]  udev
 [ + ]  ufw
 [ + ]  unattended-upgrades
 [ - ]  uuidd

Any idea why I could be getting this error?

Cheers!!

JuanMa

swalkinshaw · August 11, 2019, 4:10pm

Do you have this? https://github.com/roots/trellis/blob/e86edb8f9ee2bd4a4c4572c4d4b9c644fd0e65c9/group_vars/all/users.yml#L21-L22

You should be able to see that in /etc/sudoers.d/web-services if so

juanmaguitar · August 11, 2019, 6:53pm

Thanks @swalkinshaw

Yes, that was it. I had it w/ and old version…

web_sudoers:
  - "/usr/sbin/service php7.2-fpm *"

So, after updating it to…

web_sudoers:
  - "/usr/sbin/service php7.3-fpm *"

and doing. ansible-playbook server.yml -e env=production again

Now the ./bin/deploy.sh production juanmaguitar.com returns no error

Cheers!!

JuanMa

system · September 22, 2019, 4:03pm

This topic was automatically closed after 42 days. New replies are no longer allowed.