Linux使用sudo权限执行部分命令不需要密码配置
来自三线的随记
相关配置文件
/etc/sudoers
使用 #include
和 #includedir
插入别的配置文件
## Read drop-in files from /private/etc/sudoers.d ## (the '#' here does not indicate a comment) #includedir /private/etc/sudoers.d
Including other files from within sudoers It is possible to include other sudoers files from within the sudoers file currently being parsed using the #include and #includedir directives. This can be used, for example, to keep a site-wide sudoers file in addition to a local, per-machine file. For the sake of this example the site-wide sudoers file will be /etc/sudoers and the per-machine one will be /etc/sudoers.local. To include /etc/sudoers.local from within /etc/sudoers we would use the following line in /etc/sudoers: #include /etc/sudoers.local
- ⚠️注意, 此处的
#includedir
中的#
并不是代表注释该行
配置用户拥有sudo权限
root ALL = (ALL) ALL %group-id ALL = (ALL) ALL
配置sudo不需要密码认证
your-user-name ALL = (ALL) NOPASSWD:ALL
- ⚠️注意,配置参数能被下文覆盖,所以如果前文中配置了NOPASSWD:ALL,但是假设后文又重新配置了
(ALL) ALL
,则会在执行sudo的时候还是需要密码
配置sudo对于特定命令不需要密码认证
user-id ALL = (ALL) NOPASSWD:/usr/sbin/tcpdump user-id ALL = (ALL) NOPASSWD:/sbin/route user-id ALL = (ALL) NOPASSWD:/usr/local/bin/openconnect