我在工作中使用带有 LDAP 帐户的 Ubuntu 16.04。我在 /etc/sudoers.d/gbs 中配置了几个 NOPASSWD 规则。它们可见:
$ sudo -l
Matching Defaults entries for m.lewicki on AMDC1494.digital.local:
env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, timestamp_timeout=120, env_keep+=http_proxy, env_keep+=no_proxy, env_keep+=https_proxy, env_keep+=HTTP_PROXY, env_keep+=HTTPS_PROXY,
env_keep+=BUILD_DIR
User m.lewicki may run the following commands on AMDC1494.digital.local:
(ALL : ALL) ALL
(ALL) NOPASSWD: /bin/mount -o bind /*/* */scratch.*
(ALL) NOPASSWD: /bin/umount -l */scratch.*
(ALL) NOPASSWD: /bin/umount -l -f */scratch.*
(ALL) NOPASSWD: /bin/mkdir -p */scratch.*
(ALL) NOPASSWD: /usr/bin/build
(ALL) NOPASSWD: /bin/cp *.conf */scratch.*/*.conf
(ALL) NOPASSWD: /bin/rm -f */.build.log
(ALL) NOPASSWD: /bin/echo -n
(ALL) NOPASSWD: /usr/sbin/chroot */scratch.*
(ALL) NOPASSWD: /usr/bin/chroot */scratch.*
(root) NOEXEC: NOPASSWD: /usr/bin/updatedb
(ALL) ALL
然而它们被忽略了。例如
$ sudo echo -n
仍然要求输入密码。我尝试将“sudoers: files ldap”添加到 vim /etc/nsswitch.conf 并尝试 apt-get install sudo-ldap,但都没有帮助。
不受 LDAP 管理的本地用户帐户运行正常,并且不需要输入指定命令的密码。
如何让本地 sudoers 文件受到尊重?