我想运行这个脚本(它是 git 存储库的接收后钩子):
#!/bin/sh
echo "Executing post-receive hook as user `id` using `which sudo`"
sudo -l
sudo -n bash /var/project/autotest/autotest.sh
它应该在不要求密码的情况下运行,但我得到以下输出:
Executing post-receive hook as user uid=1005(martinjonas) gid=1001(martinjonas)
groups=1001(martinjonas),1009(lifeweb),1017(project) using /usr/bin/sudo
Matching Defaults entries for martinjonas on this host:
env_reset
User martinjonas may run the following commands on this host:
(root) NOPASSWD: /var/project/autotest/autotest.sh
sudo: sorry, a password is required to run sudo
正如您所看到的,根据 sudo -l 的输出,我应该能够在没有密码的情况下运行 /var/project/autotest/autotest.sh,但 sudo 仍然要求输入密码。
这是我的 sudoers 文件(它是整个文件,没有其他条目):
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
www-data ALL=(root) NOPASSWD: /usr/bin/svn up
%project ALL=(root) NOPASSWD: /var/project/autotest/autotest.sh
我尝试寻找答案,但我发现唯一可能的问题是使用了错误的 sudo 或 sudoers 中条目的顺序错误,而这两者都被我证明是错误的。
我们在此服务器上使用 Debian 6.0 2。
答案1
您有NOPASSWD条目/var/project/autotest/autotest.sh,但您的命令正在运行bash /var/project/autotest/autotest.sh- 它是不同的命令,这就是它被禁止的原因
删除bash后一切应正常工作。