为什么我在 /etc/sudoers 中设置的无密码提示不起作用?

tag-icon tag-icon sudo
为什么我在 /etc/sudoers 中设置的无密码提示不起作用?

我的 sudo 版本是

$ sudo --version
Sudo version 1.8.16
Sudoers policy plugin version 1.8.16
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.16

$ which sudo
/usr/bin/sudo

$ whereis sudo
sudo: /usr/bin/sudo /usr/lib/sudo /usr/share/man/man8/sudo.8.gz

/etc/sudoers我在该行后面添加了一行root:

# User privilege specification
root    ALL=(ALL:ALL) ALL
# my change for scaling down cpu freq
t       ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh

但是在我重新启动 Ubuntu 16.04 后,运行脚本时我仍然需要提供密码sudo

$ sudo /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh  1600000
[sudo] password for t:

我想知道为什么?

请注意,在 中/etc/sudoers

  • 我注意到root和之间的分隔符ALL是制表符,我也用制表符分隔tALL,其他分隔符都是空格。本来我是分开的tALL有几个空格,但行不通。分隔符重要吗?

  • /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh是没有任何符号链接的路径名,最初,我尝试了符号链接,但不起作用。符号链接重要还是不重要?

谢谢。

更新:

正如史蒂夫的回复所建议的,我将行更改/etc/sudoers

t       ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *

通过在最后添加*,但它不起作用。

目前我的/etc/sudoers样子

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
# my change for scaling down cpu freq
# t     ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
t ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

的组t包括adm(admadmin?) 和sudo:

$ groups t
t : t adm cdrom sudo dip plugdev lpadmin sambashare

允许运行的命令t是:

$ sudo -l
Matching Defaults entries for t on ocean:
    env_reset, mail_badpass,
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin

User t may run the following commands on ocean:
    (ALL : ALL) NOPASSWD:
        /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
    (ALL : ALL) ALL

答案1

除了参数之外,正如 @steve 提到的,将ALL=(ALL)for更改ALL=(ALL:ALL)为:

t ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *

如果用户 t 属于 sudo 或 admin 组,您还必须将该行admin 和 sudo 组的通用规则。 Per man sudoers,考虑条件的最后一行获胜:

当多个条目与一个用户匹配时,它们将按顺序应用。
如果有多个匹配项,则使用最后一个匹配项(不一定是最具体的匹配项)。

因此,如果现在最后一行满足更严格的条件,则将应用 NOPASSWD 指令,然后将不再询问密码。

答案2

也许你传递一个论点的事实导致了这个问题。

代替:

t       ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh

尝试这个:

t       ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *

相关内容