【问题标题】:How do I create guest sudo privilege for unique python script?如何为独特的 python 脚本创建访客 sudo 权限?
【发布时间】:2019-06-07 20:19:45
【问题描述】:

在 Raspberry Pi 上,我希望来宾用户能够运行需要 sudo 权限的单个 python 脚本,但无需使用密码即可运行其他需要 sudo 权限的脚本。

我已使用 viuser 编辑了 /etc/sudoer 文件,但未能获得所需的结果。当我以“访客”身份登录并尝试运行脚本时,计算机会要求输入超级用户密码。

编辑后的 ​​/etc/sudoer 文件如下:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$

# Host alias specification

# User alias specification
User_Alias      GROUPONE = guest

# Cmnd alias specification
Cmnd_Alias      SCRIPT = /home/guest/test.py
GROUPONE        ALL = SCRIPT

# User privilege specification
root    ALL=(ALL:ALL) ALL
GROUPONE    ALL = NOPASSWD: /home/guest/test.py

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

python脚本是:

import subprocess
def Go():
    subprocess.call(['sudo','echo', 'Test string'])
if __name == '__main__':
    Go() 

“python test.py”的预期结果是控制台上的“测试字符串”。 而是计算机请求访客 sudo 密码。

【问题讨论】:

    标签: linux permissions


    【解决方案1】:

    请尝试

    modify user <GUEST> to add additional group <sudo>, I think <usermod --group GRP1...>
    
    change group of the script to <sudo> and make group executable <chmod g+x SCRIPT> & < chgrp sudo SCRIPT>
    

    我还没有测试过,但这应该可以工作。

    【讨论】:

      【解决方案2】:

      通过 visudo 对 /etc/sudoers 的这种编辑起到了作用。 'guest' 可以执行 python 脚本或以 root 身份调用 python 脚本的 bash 脚本,不需要密码,但根本不需要密码,因为没有分配 'guest' 密码。

      #
      # This file MUST be edited with the 'visudo' command as root.
      #
      # Please consider adding local content in /etc/sudoers.d/ instead of
      # directly modifying this file.
      #
      # See the man page for details on how to write a sudoers file.
      #
      Defaults        env_reset
      Defaults        mail_badpass
      Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$
      
      # Host alias specification
      
      # User alias specification    
      
      # Cmnd alias specification
      Cmnd_Alias USER_CMDS = /usr/bash, /usr/bin/python, /home/guest/test.py,\
       /home/guest/test_pi.sh
      
      
      # User privilege specification
      root    ALL=(ALL:ALL) ALL
      guest   ALL=(ALL) NOPASSWD: USER_CMDS
      
      # Allow members of group sudo to execute any command
      %sudo   ALL=(ALL:ALL) ALL
      
      # See sudoers(5) for more information on "#include" directives:
      
      #includedir /etc/sudoers.d
      

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2016-09-16
        • 2018-10-24
        • 1970-01-01
        • 1970-01-01
        相关资源
        最近更新 更多