我已经搜索并找到了很多答案,但我仍然无法让它工作。这是在 debian 9 系统上 - 我在配置文件中创建了一个别名和一个 shell 函数:
alias lscron='sudo crontab -u biuser -l'
function edcron
{
lckf=~biuser/edcron
if [[ -f $lckf ]]
then
echo $(cat $lckf) is editing
else
echo $(id -nu) > $lckf
sudo crontab -u biuser -e
rm $lckf
fi
}
它们按预期工作,但要求输入密码。我想让一些用户无需密码即可运行这些命令,所以我添加了如下内容/etc/sudoers:
analytics root = cat /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
some.user ALL = NOPASSWD: /usr/bin/crontab -u biuser -e, /usr/bin/crontab -u biuser -l
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
我没有收到任何错误,但它要求输入密码;我如何让它工作?
编辑
Matching Defaults entries for some.user on analytics:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
User some.user may run the following commands on analytics:
(ALL : ALL) ALL
(root) NOPASSWD: /usr/bin/crontab -u biuser -e, /usr/bin/crontab -u biuser -l
(ALL : ALL) ALL
(来源)
在您的情况下, “获胜”
(ALL : ALL) ALL输出中的最后一个。sudo -lNOPASSWD在行后sudoers没有明确(ALL : ALL) ALL的,但有#includedir。这不是评论。必须有(ALL : ALL) ALL一些/etc/sudoers.d匹配的文件some.user。您的目标是
(ALL : ALL) ALL在. 然后您的设置将起作用。NOPASSWDsudo -l -U some.user您可以在不更改文件的情况下
sudoers.d通过将NOPASSWD行放在#includedir. 这样,每当该行匹配时,它肯定是最后一个匹配。