Linux使用sudo权限执行部分命令不需要密码配置:修订间差异
来自三线的随记
(创建页面,内容为“=== 相关配置文件 === /etc/sudoers <br /> === 配置用户拥有sudo权限 === root ALL = (ALL) ALL %group-id ALL = (ALL) ALL === 配置sudo不需要密…”) |
小无编辑摘要 |
||
| 第1行: | 第1行: | ||
=== 相关配置文件 === | ===相关配置文件=== | ||
/etc/sudoers | /etc/sudoers | ||
<br /> | <br /> | ||
=== 配置用户拥有sudo权限 === | === 使用 <code>#'''include'''</code> '''和''' <code>#includedir</code> 插入别的配置文件 === | ||
## Read drop-in files from /private/etc/sudoers.d | |||
## (the '#' here does not indicate a comment) | |||
#includedir /private/etc/sudoers.d | |||
Including other files from within sudoers | |||
It is possible to include other sudoers files from within the sudoers file currently being parsed using the '''#include''' and '''#includedir''' directives. | |||
This can be used, for example, to keep a site-wide sudoers file in addition to a local, per-machine file. For the sake of this example the site-wide sudoers file will be | |||
/etc/sudoers and the per-machine one will be /etc/sudoers.local. To include /etc/sudoers.local from within /etc/sudoers we would use the following line in /etc/sudoers: | |||
#include /etc/sudoers.local | |||
* ⚠️注意, 此处的 <code>#includedir</code> 中的<code>#</code>并不是代表注释该行 | |||
<br /> | |||
===配置用户拥有sudo权限=== | |||
root ALL = (ALL) ALL | root ALL = (ALL) ALL | ||
%group-id ALL = (ALL) ALL | %group-id ALL = (ALL) ALL | ||
=== 配置sudo不需要密码认证 === | ===配置sudo不需要密码认证=== | ||
your-user-name ALL = (ALL) NOPASSWD:ALL | your-user-name ALL = (ALL) NOPASSWD:ALL | ||
* ⚠️注意,配置参数能被下文覆盖,所以如果前文中配置了NOPASSWD:ALL,但是假设后文又重新配置了<code>(ALL) ALL</code> ,则会在执行sudo的时候还是需要密码 | *⚠️注意,配置参数能被下文覆盖,所以如果前文中配置了NOPASSWD:ALL,但是假设后文又重新配置了<code>(ALL) ALL</code> ,则会在执行sudo的时候还是需要密码 | ||
=== 配置sudo对于特定命令不需要密码认证 === | ===配置sudo对于特定命令不需要密码认证=== | ||
user-id ALL = (ALL) NOPASSWD:/usr/sbin/tcpdump | user-id ALL = (ALL) NOPASSWD:/usr/sbin/tcpdump | ||
user-id ALL = (ALL) NOPASSWD:/sbin/route | user-id ALL = (ALL) NOPASSWD:/sbin/route | ||
user-id ALL = (ALL) NOPASSWD:/usr/local/bin/openconnect | user-id ALL = (ALL) NOPASSWD:/usr/local/bin/openconnect | ||
[[分类:Linux]] | |||
[[分类:Linux]] | |||
2020年12月19日 (六) 17:36的版本
相关配置文件
/etc/sudoers
使用 #include 和 #includedir 插入别的配置文件
## Read drop-in files from /private/etc/sudoers.d ## (the '#' here does not indicate a comment) #includedir /private/etc/sudoers.d
Including other files from within sudoers
It is possible to include other sudoers files from within the sudoers file currently being parsed using the #include and #includedir directives.
This can be used, for example, to keep a site-wide sudoers file in addition to a local, per-machine file. For the sake of this example the site-wide sudoers file will be
/etc/sudoers and the per-machine one will be /etc/sudoers.local. To include /etc/sudoers.local from within /etc/sudoers we would use the following line in /etc/sudoers:
#include /etc/sudoers.local
- ⚠️注意, 此处的
#includedir中的#并不是代表注释该行
配置用户拥有sudo权限
root ALL = (ALL) ALL %group-id ALL = (ALL) ALL
配置sudo不需要密码认证
your-user-name ALL = (ALL) NOPASSWD:ALL
- ⚠️注意,配置参数能被下文覆盖,所以如果前文中配置了NOPASSWD:ALL,但是假设后文又重新配置了
(ALL) ALL,则会在执行sudo的时候还是需要密码
配置sudo对于特定命令不需要密码认证
user-id ALL = (ALL) NOPASSWD:/usr/sbin/tcpdump user-id ALL = (ALL) NOPASSWD:/sbin/route user-id ALL = (ALL) NOPASSWD:/usr/local/bin/openconnect
