Want to allow an application to mount drives on RHEL 8


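I can mount my drive using sudo mount.cifs ... and I can unmount it using sudo umount /mnt/mountpoint.

It was prompting me for a password, so I changed the sudoers file to NOPASSWD:ALL, and now it no longer prompts me.

I have an application, and I want anyone who has access to the application to be able to mount the drive when they run it, but if I do sudo -u username mount.cifs ...., it prompts me for the user's password. This will all be scripted, or the commands will be executed as if from the command line.

What I need is for anyone running the application to at least be able to execute the mount command, although I would also like it to be able to create directories (mkdir), so that I can create mounts from a control file, and it can then create the directory and connect based on the parameters given. I have already written code to check whether the mount exists and to create or connect it if it does not, but I don't know how to get around the way the sudo command works.

I want to avoid writing this so that it has to send a message for someone to log in and do this manually every time a resource is unavailable and the mount has dropped.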

Answer 1

The mount(8) manual page explains what to do.

   Non-superuser mounts
       Normally,  only  the  superuser  can  mount filesystems.  However, when
       fstab contains the user option on a line, anybody can mount the  corre‐
       sponding filesystem.

       Thus, given a line

              /dev/cdrom  /cd  iso9660  ro,user,noauto,unhide

       any  user  can  mount the iso9660 filesystem found on an inserted CDROM
       using the command:

              mount /cd

       Note that mount is very strict about non-root users and all paths spec‐
       ified  on  command line are verified before fstab is parsed or a helper
       program is executed. It's strongly recommended to use  a  valid  mount‐
       point to specify filesystem, otherwise mount may fail. For example it's
       a bad idea to use NFS or CIFS source on command line.

(It may be a bad idea, but it works if your mount command syntax is correct, and it's easy.)

       For more details, see fstab(5).  Only the user that mounted a  filesys‐
       tem  can  unmount  it again.  If any user should be able to unmount it,
       then use users instead of user in the fstab line.  The owner option  is
       similar  to the user option, with the restriction that the user must be
       the owner of the special file.  This may be useful e.g. for /dev/fd  if
       a  login script makes the console user owner of this device.  The group
       option is similar, with the restriction that the user must be a  member
       of the group of the special file.

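Answer 2

I found the approach that works best for me.

All users will be members of the jbase group. You can provide group sudo information in the sudoers file.

I added this line:

%jbase ALL=(ALL) NOPASSWD: /usr/bin/mount, /usr/bin/umount, /usr/sbin/mount.cifs, /usr/bin/mkdir

I can now run sudo mount.cifs ... and nobody in the jbase group needs to enter a password.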
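A narrower variant of the sudoers approach, as an added example that is not part of either answer: instead of allowing mount and mkdir with arbitrary arguments, the group is allowed one root-owned wrapper that reads the control file the question mentions and only acts on entries it can validate. The wrapper path, `ALLOWED_BASE`, the credentials file and the control file format are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example: wrapper meant to be the only command a sudoers rule allows,
# e.g. "%jbase ALL=(root) NOPASSWD: /usr/local/sbin/jbase-mount" (hypothetical path).
ALLOWED_BASE="/mnt/jbase"            # assumed root-owned parent for all app mounts
CREDS="/etc/cifs-creds/app"          # assumed root-only credentials file

# Accept only ALLOWED_BASE/<name>, with <name> a single safe path component.
valid_mountpoint() {
    local name="${1#"$ALLOWED_BASE"/}"
    [ "$1" = "$ALLOWED_BASE/$name" ] || return 1
    case "$name" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Accept only //host/share built from conservative characters.
valid_source() {
    local rest host share
    case "$1" in //*/*) ;; *) return 1 ;; esac
    rest="${1#//}"; host="${rest%%/*}"; share="${rest#*/}"
    case "$host" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case "$share" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

# True if $1 is a mount target in mounts table $2 (default /proc/self/mounts).
is_mounted() {
    local _src target _rest
    while read -r _src target _rest; do
        [ "$target" = "$1" ] && return 0
    done < "${2:-/proc/self/mounts}"
    return 1
}

# Control file (constructed format): "<//host/share> <mountpoint>" per line.
# Prints one decision per entry; only with RUN=1 does it create and mount.
process_control_file() {
    local src mp
    while read -r src mp || [ -n "$src" ]; do
        case "$src" in ''|'#'*) continue ;; esac
        if ! valid_source "$src" || ! valid_mountpoint "$mp"; then
            echo "REJECT $src $mp"; continue
        fi
        if is_mounted "$mp" "${MOUNTS_TABLE:-}"; then
            echo "SKIP $mp"; continue
        fi
        echo "MOUNT $src $mp"
        [ "${RUN:-0}" = 1 ] || continue
        mkdir -p -- "$mp" &&
            mount.cifs "$src" "$mp" -o "credentials=$CREDS,nosuid,nodev" </dev/null
    done < "$1"
}

# When invoked with a control file argument, act on it for real.
[ $# -eq 0 ] || RUN=1 process_control_file "$1"
```

Setting `MOUNTS_TABLE` to a sample file and leaving `RUN` unset gives a dry run that only prints the SKIP, MOUNT and REJECT decisions.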
