我想知道为什么我的脚本不能在 Ubuntu 22.04 上以 root 身份运行。我希望无论执行它的用户如何,它都会执行此操作,而不要求任何类型的身份验证。该脚本应该像 root 用户一样运行其所有命令,但只有真正的 root 用户才能读取或写入它。为了实现这个目标,我遵循了这篇文章中的说明:
所以,这就是我所做的:
1)我在 /etc/xdg/autostart 上放置了名为:check-nvidia-audio.desktop 的桌面文件,其中包含以下内容(和 chmod +x):
[Desktop Entry]
Version=1.0
Type=Application
Name=check_kernel
GenericName=Check the kernel version and unbind the NVIDIA audio driver
Comment=Check the kernel version and unbind the NVIDIA audio driver
Exec=sudo check-kernel
Icon=applications-biology
Path=/usr/sbin
Terminal=false
StartupNotify=false
2) 在 /usr/sbin 上,名为 check-kernel 的脚本,其中包含以下内容(和 chmod +x):
if [ "`id -u`" -ne 0 ]; then
echo "Switching from `id -un` to root"
exec sudo "$0"
exit 99
fi
# Lets check the kernel version
function kernel-check() {
CURRENT_KERNEL_VERSION=$(uname --kernel-release | cut --delimiter="-" --fields=3-4)
echo CURRENT_KERNEL_VERSION = $CURRENT_KERNEL_VERSION
if [ "${CURRENT_KERNEL_VERSION}" = "liquorix-amd64" ]; then
echo "Kernel in use is already patched with the ACS patch and each NVIDIA audio device works great"
exit
else
echo "Kernel in use is not patched with the ACS patch so I have to unbind each NVIDIA audio device from its driver"
audio_device_list=( $(/usr/bin/iommu_viewer.sh | grep "Audio device.*: NVIDIA" | awk '{ print $3 }' ) )
audio_group_list=( $(/usr/bin/iommu_viewer.sh | grep "Audio device.*: NVIDIA" | awk '{ print $2 }' ) )
echo "audio nvidia gpu n. 1 =" ${audio_device_list[0]}
echo "audio nvidia gpu n. 2 =" ${audio_device_list[1]}
echo "iommu group nvidia gpu n. 1 =" ${audio_group_list[0]}
echo "iommu group nvidia gpu n. 2 =" ${audio_group_list[1]}
# Lets check the audio of the nvidia gpu
if [ ${audio_group_list[0]} -eq ${audio_group_list[1]} ]; then
for audio_device in "${audio_device_list[@]}"
do echo "$audio_device" > "/sys/bus/pci/devices/$audio_device/driver/unbind"
done
fi
fi
}
kernel-check
3)这就是我的 /etc/sudoers 文件的样子:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
Defaults use_pty
# Cmnd alias specification
ALL ALL = NOPASSWD: /usr/sbin/check-kernel
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
@includedir /etc/sudoers.d
当我重新启动电脑时,没有任何反应,当我尝试手动执行脚本时,会发生以下情况:
:~$ check-kernel
Switching from ziomario to root
[sudo] password di ziomario:
or
:~$ sudo check-kernel
[sudo] password di ziomario:
这不是预期的行为。它不应该要求输入密码,因为在 sudoers 文件中,我已经指定:
全部 全部 = NOPASSWD:/usr/sbin/check-kernel
似乎它完全忽略了它。此外,这种行为不尊重这里所说的:
具体来说这个假设:
选项 B:仅让该脚本通过 sudo 运行。
ALL ALL = NOPASSWD: /usr/local/bin/reset-swap
然后您可以将其称为 sudo reset-swap 而不是 reset-swap
如果您感兴趣,如果脚本不以 root 身份运行,它可以提升自身,让它在不指定 sudo 前缀的情况下运行:
#!/bin/sh
if [ "`id -u`" -ne 0 ]; then
echo "Switching from `id -un` to root"
exec sudo "$0"
exit 99
fi
swapoff /dev/sdb
shred -n0 -z /dev/sdb
mkswap /dev/sdb
swapon /dev/sdb
你能想象哪里可能出错吗?谢谢。
NB1:提供的链接对我没有帮助,因为他们建议这样做:
myusername ALL = (root) NOPASSWD: /path/to/my/program
不幸的是,对于我的项目,我无法在那里填写我的用户名。这是因为我不知道它是什么。我正在创建一个自定义发行版,只有安装它的用户才能知道用户名是什么。我尝试做这样的事情,但没有成功:
echo $USER ALL = (root) NOPASSWD: /usr/sbin/check-kernel
NB2:这似乎很有效:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
Defaults use_pty
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "@include" directives:
ALL ALL = NOPASSWD: /usr/sbin/check-kernel
@includedir /etc/sudoers.d