我的 sudo 版本是
$ sudo --version
Sudo version 1.8.16
Sudoers policy plugin version 1.8.16
Sudoers file grammar version 45
Sudoers I/O plugin version 1.8.16
$ which sudo
/usr/bin/sudo
$ whereis sudo
sudo: /usr/bin/sudo /usr/lib/sudo /usr/share/man/man8/sudo.8.gz
# User privilege specification
root ALL=(ALL:ALL) ALL
# my change for scaling down cpu freq
t ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh
但是在我重新启动 Ubuntu 16.04 后,运行脚本时我仍然需要提供密码sudo
:
$ sudo /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh 1600000
[sudo] password for t:
我想知道为什么?
请注意,在 中/etc/sudoers
,
我注意到
root
和之间的分隔符ALL
是制表符,我也用制表符分隔t
和ALL
,其他分隔符都是空格。本来我是分开的t
,ALL
有几个空格,但行不通。分隔符重要吗?/home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh
是没有任何符号链接的路径名,最初,我尝试了符号链接,但不起作用。符号链接重要还是不重要?
谢谢。
更新:
正如史蒂夫的回复所建议的,我将行更改/etc/sudoers
为
t ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
通过在最后添加*
,但它不起作用。
目前我的/etc/sudoers
样子
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# my change for scaling down cpu freq
# t ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
t ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
的组t
包括adm
(adm
与admin
?) 和sudo
:
$ groups t
t : t adm cdrom sudo dip plugdev lpadmin sambashare
允许运行的命令t
是:
$ sudo -l
Matching Defaults entries for t on ocean:
env_reset, mail_badpass,
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin
User t may run the following commands on ocean:
(ALL : ALL) NOPASSWD:
/home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
(ALL : ALL) ALL
答案1
除了参数之外,正如 @steve 提到的,将ALL=(ALL)
for更改ALL=(ALL:ALL)
为:
t ALL=(ALL:ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *
如果用户 t 属于 sudo 或 admin 组,您还必须将该行后admin 和 sudo 组的通用规则。 Per man sudoers
,考虑条件的最后一行获胜:
当多个条目与一个用户匹配时,它们将按顺序应用。
如果有多个匹配项,则使用最后一个匹配项(不一定是最具体的匹配项)。
因此,如果现在最后一行满足更严格的条件,则将应用 NOPASSWD 指令,然后将不再询问密码。
答案2
也许你传递一个论点的事实导致了这个问题。
代替:
t ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh
尝试这个:
t ALL=(ALL) NOPASSWD: /home/t/program_files/hardware/cpu/cpuFreq/changeCpuFreq.sh *