Linux使用sudo权限执行部分命令不需要密码配置

相关配置文件

/etc/sudoers

使用 #include 和 #includedir 插入别的配置文件

## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d

Including other files from within sudoers
    It is possible to include other sudoers files from within the sudoers file currently being parsed using the #include and #includedir directives.

    This can be used, for example, to keep a site-wide sudoers file in addition to a local, per-machine file.  For the sake of this example the site-wide sudoers file will be
    /etc/sudoers and the per-machine one will be /etc/sudoers.local.  To include /etc/sudoers.local from within /etc/sudoers we would use the following line in /etc/sudoers:

    #include /etc/sudoers.local

• ⚠️注意, 此处的 #includedir 中的#并不是代表注释该行

配置用户拥有sudo权限

root		ALL = (ALL) ALL
%group-id	ALL = (ALL) ALL

配置sudo不需要密码认证

your-user-name	ALL = (ALL) NOPASSWD:ALL

• ⚠️注意,配置参数能被下文覆盖，所以如果前文中配置了NOPASSWD:ALL，但是假设后文又重新配置了(ALL) ALL ，则会在执行sudo的时候还是需要密码

配置sudo对于特定命令不需要密码认证

user-id         ALL = (ALL) NOPASSWD:/usr/sbin/tcpdump
user-id         ALL = (ALL) NOPASSWD:/sbin/route
user-id         ALL = (ALL) NOPASSWD:/usr/local/bin/openconnect