如果我有sudoers:
apache ALL = (root) nopASSWD: /blah/important_script.sh
并运行“sudo /blah/important_script.sh”我可以在没有密码的情况下运行它.
但是,如果我运行“sudo -i /blah/important_script.sh”,我需要输入apache的密码.
如果我将sudoers中的行更改为:
apache ALL = (root) nopASSWD:ALL
我可以在没有密码的情况下运行命令“sudo -i /blah/important_script.sh”.
但我希望能够只运行/blah/important_script.sh,而不是所有命令.
所以,我如何设置只有/blah/important_script.sh可以使用sudo -i运行而无需密码.
解决方法
Sorry,user bob is not allowed to execute '/bin/bash -c /blah/important_script.sh' as root on host.
请注意,我们被拒绝访问命令/ bin / bash -c …这与我们在sudoers文件/ blah / important_script中指定的命令不同….当你告诉sudo允许用户运行时一个特定的命令,他们必须使用sudoers中指定的确切命令行,所以我们需要适当地更改sudoers.
bob ALL=(root) nopASSWD: /bin/bash -c /blah/important_script.sh
这现在适用于鲍勃
$sudo -i /bin/bash -c /blah/important_script.sh
那为什么要这样呢?那么sudo的手册页有答案
‑i [command]
The ‑i (simulate initial login) option runs the shell specified by the password database entry of the target user as a login shell. This means that login-specific resource files such as .profile or .login will be read by the shell. If a command is specified,it is passed to the shell for execution via the shell’s ‑c option. If no command is specified,an interactive shell is executed…