尽管在 sudoers 文件中授予了权限，但 usermod 命令不起作用

2024-8-28 • tag-icon

我已经让 linda 用户从 sudoers 文件运行 2 个命令 (useradd 和 usermod)，我成功运行了 useradd 命令，但是问题是我无法运行 usermod 命令，我已通过在 sudoers 中插入逗号、重新启动、注销和登录检查了所有内容，但没有任何效果。

您可以在这里查看状态

[student@localhost ~]$ sudo grep linda /etc/sudoers
[sudo] password for student: 
linda   ALL=/usr/sbin/useradd, /usr/sbin/usermod    ALL
[student@localhost ~]$ su - linda
Password: 
[linda@localhost ~]$ sudo usermod -aG IT junaid
[sudo] password for linda: 
Sorry, user linda is not allowed to execute '/sbin/usermod -aG IT junaid' as root on localhost.localdomain.
[linda@localhost ~]$ sudo /usr/sbin/usermod -aG IT junaid
[sudo] password for linda: 
Sorry, user linda is not allowed to execute '/usr/sbin/usermod -aG IT junaid' as root on localhost.localdomain.

请注意，用户 linda 只是其自己群组 linda 的成员，

这是完整的 sudoers 文件

[student@localhost ~]$ sudo grep -v '#' /etc/sudoers | cat -s

Defaults   !visiblepw

Defaults    always_set_home
Defaults    match_group_by_gid

Defaults    always_query_group_plugin

Defaults    env_reset
Defaults    env_keep =  "COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS"
Defaults    env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
Defaults    env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
Defaults    env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
Defaults    env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin

root    ALL=(ALL)   ALL
linda   ALL=/usr/sbin/useradd, /usr/sbin/usermod    ALL

%wheel  ALL=(ALL)   ALL

编辑：琳达不是轮组成员

我还尝试在单独的行中向 sudeors 的 linda 授予权限，检查 grep 结果，但没有效果

[student@localhost ~]$ sudo grep 'linda' /etc/sudoers
linda   ALL=/usr/sbin/useradd   ALL
linda   ALL=/usr/sbin/usermod   ALL
[student@localhost ~]$ su - linda
Password: 
[linda@localhost ~]$ sudo usermod -aG IT junaid
[sudo] password for linda: 
Sorry, user linda is not allowed to execute '/sbin/usermod -aG IT junaid' as root on localhost.localdomain.

这是 linda 的 sudo -l

[student@localhost ~]$ sudo visudo 
[student@localhost ~]$ sudo grep 'linda' /etc/sudoers
linda   ALL=/usr/sbin/useradd, /usr/sbin/usermod    ALL
[student@localhost ~]$ su - linda
Password: 
[linda@localhost ~]$ sudo -l
[sudo] password for linda: 
Matching Defaults entries for linda on localhost:
    !visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin, env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE
    KDEDIR LS_COLORS", env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE", env_keep+="LC_COLLATE LC_IDENTIFICATION
    LC_MEASUREMENT LC_MESSAGES", env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE", env_keep+="LC_TIME LC_ALL LANGUAGE
    LINGUAS _XKB_CHARSET XAUTHORITY", secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin

User linda may run the following commands on localhost:
    (root) /usr/sbin/useradd, /usr/sbin/usermod ALL

答案1

我找到了解决方案，我还必须添加 groupadd 权限

linda   ALL=/usr/sbin/useradd, /usr/sbin/usermod, /usr/sbin/groupadd    ALL

一旦我在 sudoers 中添加 /usr/sbin/groupadd，我现在可以使用 usermod 命令在组中添加用户

感谢各位的支持：-）

答案1

相关内容