我正在使用已安装很长时间的 Fedora 16 机器,每当我以普通用户(非 root)身份输入“sudo -v”、“sudo -l”等时,我都会得到以下输出:
[user@* ~]$ sudo -v
env: -v: No such file or directory
[user@* ~]$
某些因素导致 sudo 认为“-v”是一个要运行的进程。
当我尝试为添加到 /usr/bin 的特定可执行文件设置 NOPASSWD 访问权限时发现了这一点,但它也不起作用(它仍然要求输入密码)。
顺便提一下,当我更改 /etc/sudoers 时,是否需要重新加载 sudo 配置或其他内容?Fedora 16 中是否还在使用 /etc/sudoers 文件?
这是我的 /etc/sudoers 配置:
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
## This file must be edited with the 'visudo' command.
## Host Aliases
## Groups of machines. You may prefer to use hostnames (perhaps using
## wildcards for entire domains) or IP addresses instead.
# Host_Alias FILESERVERS = fs1, fs2
# Host_Alias MAILSERVERS = smtp, smtp2
## User Aliases
## These aren't often necessary, as you can use regular groups
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname
## rather than USERALIAS
# User_Alias ADMINS = jsmith, mikem
## Command Aliases
## These are groups of related commands...
## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
# You have to run "ssh -t hostname sudo <cmd>".
#
Defaults requiretty
Defaults env_reset
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
Defaults env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS
## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
user ALL=(ALL) NOPASSWD: /usr/bin/fastboot*
注意:在我的实际配置的最后一行,我确实用“用户”替换了我的用户名。
另外,有人告诉我你可以在 sudoers 配置中使用 *、[0-9] 等,并且 fastboot 命令具有我想授予我的用户所有访问权限的参数。(有无限的参数可能性,我想访问所有这些参数。)也许我错了,不需要通配符,但我已经尝试过没有它的这个配置文件,但它也不起作用。
这是我的 sudo -V 输出:
Sudo version 1.8.3p1
Configure options: --build=i386-redhat-linux-gnu --host=i386-redhat-linux-gnu --program-prefix= --disable-dependency-tracking --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin --libdir=/usr/lib --docdir=/usr/share/doc/sudo-1.8.3p1 --with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login --with-editor=/bin/vi --with-env-editor --with-ignore-dot --with-tty-tickets --with-ldap --with-selinux --with-passprompt=[sudo] password for %p: --with-linux-audit
Sudoers policy plugin version 1.8.3p1
Sudoers file grammar version 40
Sudoers path: /etc/sudoers
nsswitch path: /etc/nsswitch.conf
ldap.conf path: /etc/ldap.conf
ldap.secret path: /etc/ldap.secret
Authentication methods: 'pam'
Syslog facility if syslog is being used for logging: authpriv
Syslog priority to use when user authenticates successfully: notice
Syslog priority to use when user authenticates unsuccessfully: alert
Ignore '.' in $PATH
Send mail if the user is not in sudoers
Use a separate timestamp for each user/tty combo
Lecture user the first time they run sudo
Require users to authenticate by default
Root may run sudo
Allow some information gathering to give useful error messages
Only allow the user to run sudo if they have a tty
Visudo will honor the EDITOR environment variable
Set the LOGNAME and USER environment variables
Length at which to wrap log file lines (0 for no wrap): 80
Authentication timestamp timeout: 5.0 minutes
Password prompt timeout: 5.0 minutes
Number of tries to enter a password: 3
Umask to use or 0777 to use user's: 022
Path to mail program: /usr/sbin/sendmail
Flags for mail program: -t
Address to send mail to: root
Subject line for mail messages: *** SECURITY information for %h ***
Incorrect password message: Sorry, try again.
Path to authentication timestamp dir: /var/db/sudo
Default password prompt: [sudo] password for %p:
Default user to run commands as: root
Value to override user's $PATH with: /sbin:/bin:/usr/sbin:/usr/bin
Path to the editor for use by visudo: /bin/vi
When to require a password for 'list' pseudocommand: any
When to require a password for 'verify' pseudocommand: all
File descriptors >= 3 will be closed before executing a command
Reset the environment to a default set of variables
Environment variables to check for sanity:
TERM
LINGUAS
LC_*
LANGUAGE
LANG
COLORTERM
Environment variables to remove:
RUBYOPT
RUBYLIB
PYTHONUSERBASE
PYTHONINSPECT
PYTHONPATH
PYTHONHOME
TMPPREFIX
ZDOTDIR
READNULLCMD
NULLCMD
FPATH
PERL5DB
PERL5OPT
PERL5LIB
PERLLIB
PERLIO_DEBUG
JAVA_TOOL_OPTIONS
SHELLOPTS
GLOBIGNORE
PS4
BASH_ENV
ENV
TERMCAP
TERMPATH
TERMINFO_DIRS
TERMINFO
_RLD*
LD_*
PATH_LOCALE
NLSPATH
HOSTALIASES
RES_OPTIONS
LOCALDOMAIN
CDPATH
IFS
Environment variables to preserve:
XAUTHORITY
_XKB_CHARSET
LINGUAS
LANGUAGE
LC_ALL
LC_TIME
LC_TELEPHONE
LC_PAPER
LC_NUMERIC
LC_NAME
LC_MONETARY
LC_MESSAGES
LC_MEASUREMENT
LC_IDENTIFICATION
LC_COLLATE
LC_CTYPE
LC_ADDRESS
LANG
USERNAME
QTDIR
PS2
PS1
MAIL
LS_COLORS
KDEDIR
INPUTRC
HISTSIZE
HOSTNAME
DISPLAY
COLORS
Locale to use while parsing sudoers: C
Directory in which to store input/output logs
File in which to store the input/output log
Add an entry to the utmp/utmpx file when allocating a pty
Local IP address and netmask pairs:
192.168.1.88/255.255.255.0
fe80::216:76ff:feb2:49a2/ffff:ffff:ffff:ffff::
fe80::214:d1ff:fed5:60e9/ffff:ffff:ffff:ffff::
Sudoers I/O plugin version 1.8.3p1
如果有人能帮我解决这两个问题,那就太好了。说实话,如果有人能告诉我为什么 fastboot(通过 USB 的 Android 分区刷新工具)需要在我的 Linux 机器上获得 root 访问权限,然后向我展示一种更简单的方法,让它运行而无需 root 访问权限,那就太好了。出于某种原因,我的旧 Linux 不需要 root 访问权限即可进行 fastboot。
另外,请注意安全。我不打算允许所有操作都以 root 身份运行而无需密码。谢谢。
我刚刚在我的.bashrc中发现了这一点:
alias sudo='sudo env PATH=$PATH'
我忘了自己添加了它。过去,我曾遇到过一些有关 $PATH 命令的问题。
我删除了该行,现在我的问题已经解决了。谢谢……我想。*叹息我是一个高级用户,我似乎总是自己解决问题。我可以诚实地说,我已经这样做了近 5 年,没有人帮助。这很可悲。
答案1
我在我的.bashrc中发现了这一点:
alias sudo='sudo env PATH=$PATH'
我忘了自己添加了它。过去,我曾遇到过一些有关 $PATH 命令的问题。
我删除了该行,现在我的问题已经解决了。谢谢……我想。*叹息我是一个高级用户,我似乎总是自己解决问题。我可以诚实地说,我已经这样做了近 5 年,没有人帮助。这很可悲。