我正在使用 arch linux - i3。我有一个脚本要运行rmmod hid-multitouch && sudo modprobe hid-multitouch
。我在 i3 中编辑了热键并设置了一个例外来运行没有密码的脚本,使用sudo visudo
取消注释并添加了行
%wheel ALL=(ALL) NOPASSWD: /home/hieuc/i3script/rmod_hid.sh
hieuc ALL=(ALL) NOPASSWD: /home/hieuc/i3script/rmod_hid.sh
但它似乎不起作用,但几天前它仍然对我有用。这是一个输出/etc/sudoers
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
# Cmnd_Alias REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff
##
## Defaults specification
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file. Note that other programs use HOME to find
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods. Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot. Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: /home/hieuc/i3script/rmod_hid.sh
## User
hieuc ALL=(ALL) NOPASSWD: /home/hieuc/i3script/rmod_hid.sh
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
我的脚本:
#! /bin/bash
sudo rmmod hid-multitouch && sudo modprobe hid-multitouch
这是我在 i3 中的热键bindsym $mod+Shift+o exec $HOME/i3script/rmod_hid.sh
答案1
假设/home/hieuc/i3script/rmod_hid.sh
是您的脚本,您应该sudo /home/hieuc/i3script/rmod_hid.sh
无需密码即可运行。 sudo 权限适用于指定的命令,而不适用于从 sudo 配置中指定的脚本调用的命令。
另一方面,您的脚本不需要 sudo,因为它已经以 root 身份运行。
#! /bin/bash
rmmod hid-multitouch && modprobe hid-multitouch
如果您希望能够在不使用 sudo 的情况下调用脚本,您可以检查用户 ID:
#! /bin/bash
test "$(id -u)" != 0 && exec sudo /home/hieuc/i3script/rmod_hid.sh "$@"
rmmod hid-multitouch && modprobe hid-multitouch
sudo
如果没有调用它,则它会调用自己sudo
。然后,调用的脚本sudo
将以 root 身份执行最后一行中的命令。
答案2
hieuc ALL=(ALL) NOPASSWD: /home/hieuc/i3script/rmod_hid.sh
sudoers 文件中的这一行允许用户希厄克执行/home/hieuc/i3script/rmod_hid.sh
时sudo
不提示输入密码。例如:
hieuc$: sudo ~/i3script/rmod_hid.sh
由于脚本已经以 root 身份运行,因此您不需要sudo
在脚本内部使用。
请注意,拥有可以使用 sudo 运行的用户可写文件意味着用户可以以 root 身份运行任何命令(通过修改该脚本)。
答案3
您提到的脚本sudoers
是您将运行的脚本sudo
。
所以如果你想做的话sudo /home/me/my-script
就/home/me/my-script
必须在中提到sudoers
根据您的情况,您可以添加modprobe hid-multitouch
到sudoers
您还可以编写 script1 来包含
sudo script2
并将脚本 2 放入sudoers
.
例如
script1
由热键代码调用。它没有提到suderes
它包含:
#!/bin/bash
script_called_as="$0"
script_full_name="$(readlink -e "$script_called_as")"
script_dir="$(dirname "$script_full_name")"
sudo "$script_dir/«script2»"
替换«script2»
为您的脚本的名称。然后讲述sudeers
你的 script2 (不是 script1)