I am trying to enable our service account to restart nginx. This is what I have:
Host_Alias WEBSVR=int-a3web-01w
User_Alias APPUSER=appmin
Cmnd_Alias NGINX=/etc/init.d/nginx restart, /bin/systemctl restart nginx.service
APPUSER WEBSVR=(root)NOPASSWD:NGINX
No matter how I do this, it still prompts for a password. When I tail the audit.log, this is what it says:
Jan 21 13:54:41 web01w polkitd[846]: Registered Authentication Agent for unix-process:29343:1402067 (system bus name :1.229 [/usr/bin/pkttyagent --notify-fd 5 --fallack], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jan 21 13:55:06 web01w polkit-agent-helper-1[29353]: pam_unix(polkit-1:auth): conversation failed
Jan 21 13:55:06 web01w polkit-agent-helper-1[29353]: pam_unix(polkit-1:auth): auth could not identify password for [root]
Jan 21 13:55:06 web01w polkit-agent-helper-1[29353]: pam_succeed_if(polkit-1:auth): requirement "uid >= 1000" not met by user "root"
Jan 21 13:55:06 web01w polkitd[846]: Unregistered Authentication Agent for unix-process:29343:1402067 (system bus name :1.229, object path /org/freedesktop/PolicyKit/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Jan 21 13:55:06 web01w polkitd[846]: Operator of unix-process:29343:1402067 FAILED to authenticate to gain authorization for action org.freedesktop.systemd1.manage-uits for system-bus-name::1.230 [<unknown>] (owned by unix-user:appmin)
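We use LDAP for regular user access, and this appmin account is a local service account, so I am not sure whether LDAP is part of my problem. Any help would be appreciated.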