安装后派网在我的 Ubuntu 机器上,我注意到sudo不再提示我输入密码。重新启动或运行以下命令后仍然如此sudo -k:
$ whoami
thang
$ sudo whoami
root
$ sudo -k
$ sudo whoami
root
如上所示,没有打印密码提示。用户thang不是 UID 1:
$ grep thang /etc/passwd
thang:x:1000:1000:thang,,,:/home/thang:/bin/bash
/etc/sudoers而且我的文件中似乎没有任何奇怪的东西:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
还有一个名为的01staff文件/etc/sudoers.d:
$ cat /etc/sudoers.d/01staff
%teacher ALL=NOPASSWD: ALL
如果相关的话,所属的群体thang是:
$ groups thang
thang : thang adm dialout cdrom sudo audio dip video plugdev games users input lpadmin sambashare pupil teacher
运行需要 root 访问权限的 GUI 程序仍会提示我输入密码,但终端命令则不会。这是怎么回事?
答案1
显然,安装 PiNet 会创建该teachers组,将您的用户添加到其中,并在 中创建文件/etc/sudoers.d。此行:
%teacher ALL=NOPASSWD: ALL
teachers授予组内所有成员无需提供密码即可运行命令的权限sudo。因此,只需将其删除即可:
sudo rm /etc/sudoers.d/01staff
PiNet 似乎是一个帮助管理满是 Pis 的教室的程序,显然,它认为所有教师都应该拥有无密码的 sudo 权限。
如果您确实想保留该设置,只需将您的用户从teachers组中删除:
sudo usermod -G adm dialout cdrom sudo audio dip video plugdev games users input lpadmin sambashare pupil