即使我的用户组不在sudoers文件中,为什么以sudo的身份运行命令时也没有得到密码提示?

1

我在/etc其中具有以下权限:

drwxr-xr-x  23 root  wheel  2560 Jul  1 20:47 etc

$ whoami
pierre
$ groups
pierre

我必须跑sudo,如果我想touch foo/etc

我想要的是提示输入root的密码,但是即使更改了此行,我也没有得到提示:

%wheel ALL=(ALL) NOPASSWD: ALL

sudo visudo到:

%wheel ALL=(ALL) PASSWD: ALL

不过,考虑到我当前的用户不在组中,这甚至都没有关系wheel...我已经确保该root帐户已设置了密码(通过使用进行设置sudo passwd root)。

我在FreeBSD 10.3-RELEASE-p11云服务器上。

非常感谢您对为什么没有提示输入密码的任何见解!

这是添加@jesse_b答案中建议的行之后的我的suoders文件。

## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##

##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias    WEBSERVERS = www1, www2, www3

##
## User alias specification
##
## Groups of users.  These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias    ADMINS = millert, dowdy, mikef

##
## Cmnd alias specification
##
## Groups of commands.  Often used to group related commands together.
# Cmnd_Alias    PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
#               /usr/bin/pkill, /usr/bin/top
# Cmnd_Alias    REBOOT = /sbin/halt, /sbin/reboot, /sbin/poweroff

##
## Defaults specification
##
## Uncomment if needed to preserve environmental variables related to the
## FreeBSD pkg utility and fetch.
# Defaults     env_keep += "PKG_CACHEDIR PKG_DBDIR FTP_PASSIVE_MODE"
##
## Additionally uncomment if needed to preserve environmental variables
## related to portupgrade
# Defaults     env_keep += "PORTSDIR PORTS_INDEX PORTS_DBDIR PACKAGES PKGTOOLS_CONF"
##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
## Locale settings
# Defaults env_keep += "LANG LANGUAGE LINGUAS LC_* _XKB_CHARSET"
##
## Run X applications through sudo; HOME is used to find the
## .Xauthority file.  Note that other programs use HOME to find   
## configuration files and this may lead to privilege escalation!
# Defaults env_keep += "HOME"
##
## X11 resource path settings
# Defaults env_keep += "XAPPLRESDIR XFILESEARCHPATH XUSERFILESEARCHPATH"
##
## Desktop path settings
# Defaults env_keep += "QTDIR KDEDIR"
##
## Allow sudo-run commands to inherit the callers' ConsoleKit session
# Defaults env_keep += "XDG_SESSION_COOKIE"
##
## Uncomment to enable special input methods.  Care should be taken as
## this may allow users to subvert the command being run via sudo.
# Defaults env_keep += "XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER"
##
## Uncomment to use a hard-coded PATH instead of the user's to find commands
# Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
##
## Uncomment to send mail if the user does not enter the correct password.
# Defaults mail_badpass
##
## Uncomment to enable logging of a command's output, except for
## sudoreplay and reboot.  Use sudoreplay to play back logged sessions.
# Defaults log_output
# Defaults!/usr/bin/sudoreplay !log_output
# Defaults!/usr/local/bin/sudoreplay !log_output
# Defaults!REBOOT !log_output

##
## Runas alias specification
##
Defaults rootpw
##
## User privilege specification
##
root ALL=(ALL) ALL

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) PASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /usr/local/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /usr/local/etc/sudoers.d
sudo  freebsd  root 
帕皮罗
source
2
/usr/local/etc/sudoers.d中是否有文件?
杰夫·谢勒
您应该在编辑/usr/local/etc/sudoers
箭头
@Jeff ...您的头上钉住了:)您想发布答案吗?
papiro's
@arrowed,我检查/usr/local/etc/sudoers并确认通过sudo visudo确实保存了我的编辑。
papiro's

Answers:

2

这是一种非显而易见的语法,因为它看起来像一条注释,但是sudoers允许您使用指令将规则包含在另一个目录中:

#includedir /usr/local/etc/sudoers.d

您的nopasswd规则可能存在于该目录中的文件中。

杰夫·谢勒
source
0

尝试将以下行添加到/etc/sudoers

Defaults rootpw

我认为sudo通常会提示输入当前用户的密码,只要该用户是wheel组的成员即可。

杰西
source
在中阅读了有关此内容的内容后man sudoers,我添加了它,认为它可以正常工作。我还重新启动了服务器-但没有运气。我仍然可以在sudo touch foo没有密码提示的情况下执行。我还在手册页中阅读了以下内容:By default, sudo requires that a user authenticate him or herself before running a command. This behavior can be modified via the NOPASSWD tag. 由于我的用户甚至不属于sudoers文件中提到的任何组,因此我希望默认值将如手册页中所述... :(
papiro
它实际上是在/ etc中创建文件吗?如果是的话,如果删除该文件然后重试该怎么办?
Jesse_b
是的,它正在创建foo,并且每次都会立即执行sudo rm foo。我还通过执行sudo vim foo进行了双重验证,并对其进行了编辑并成功保存。
papiro'7
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.