From e6550f0a90ff2611a5ad38f42e212276191c5c12 Mon Sep 17 00:00:00 2001 From: Myron Blair Date: Wed, 10 Jun 2026 05:51:08 +0000 Subject: [PATCH] Add full service sudoers rules to installer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Previous installer only granted www-data access to nginx/apache2/fail2ban. Added NOPASSWD rules for all panel-managed services: postfix, dovecot, rspamd, proftpd, vsftpd, pure-ftpd, named/bind9/pdns/nsd, mysql, mariadb, php*-fpm. Without these, service restart/stop/start buttons returned 502 (shell_exec hung waiting for sudo password → Apache timeout). Co-Authored-By: Claude Sonnet 4.6 --- install.sh | 74 +++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 68 insertions(+), 6 deletions(-) diff --git a/install.sh b/install.sh index b64c758..785ca28 100644 --- a/install.sh +++ b/install.sh @@ -636,19 +636,81 @@ log "Fail2Ban configured" # ── Sudoers for NovaCPX panel (www-data needs root for firewall/opendkim) ──── cat > /etc/sudoers.d/novacpx-firewall <