我正在尝试使用 NOPASSWD 将 scp 设置为特定用户。
alice ALL = (bob:ALL) NOPASSWD: /usr/bin/scp
正如我所理解的这个问题. 但是当我使用 visudo 保存时我仍然无法运行sudo -u bob /usr/bin/scp bob@scp_client:upload_this_file。
命令中应包含哪些内容才能允许 alice 以 bob 身份(但不能以 root 身份)无密码执行 scp。
注:我确实看到了这,而且我觉得我的 sudoers 文件中的所有内容都是正确的顺序,因为我知道命令的顺序,你可以学习这里。
整个 visudo 文件:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults insults
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# Dropped this as it doesn't really matter..
# User alias specification
# Dropped this as it doesn't really matter..
# Cmnd alias specification
# Dropped this as it doesn't really matter..
# User privilege specification
root ALL=(ALL:ALL) ALL
# We have admin groups (Todo: make this smaller)
%admin ALL=(ALL) ALL
%sudo ALL=(ALL:ALL) ALL
# Include the sudoers.d
#includedir /etc/sudoers.d
# One to rule all of them
alice ALL = (bob:ALL) NOPASSWD: /usr/bin/scp
答案1
看来sudo -u bob -- ssh bob@node
已经sudo成功传递了scp命令。