How do I edit /etc/sudoers from a script?

花落未央 2020-12-04 05:43

I need to edit /etc/sudoers from a script to add/remove stuff from white lists.

Assuming I have a command that would work on a normal file, how could I

12 Answers
  • 2020-12-04 06:41

    I think the most straightforward solution is to:

    Create a script addsudoers.sh

    #!/bin/sh

    # Append one full-privilege sudoers entry for each user name given as an argument
    while [ -n "$1" ]; do
        echo "$1    ALL=(ALL:ALL) ALL" >> /etc/sudoers
        shift # move on to the next argument
    done
    

    and call it with the users you want to add:

    root prompt> ./addsudoers.sh user1 user2
    

    For the full explanation see this answer: Adding users to sudoers through shell script

    Regards!

  • 2020-12-04 06:41

    Try to echo it. You have to run it in a subshell, though. Example:

    sudo sh -c "echo \"group ALL=(user) NOPASSWD: ALL\" >> /etc/sudoers"

  • 2020-12-04 06:42

    If your sudo allows adding entries in /etc/sudoers.d, then you can use this answer by @dragon788:

    https://superuser.com/a/1027257/26022

    Basically you use visudo to verify the file before you copy it into /etc/sudoers.d, so you can be sure you're not breaking sudo for anyone.

    visudo -c -q -f filename
    

    This checks it and returns success (0) if it's valid, so you can use it with if, && and other script boolean operations. Once you validate, just copy it into /etc/sudoers.d and it should work. Make sure it's owned by root and not writable by other.

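The validate-then-install procedure from the answer above, written out as an added example (not part of the original answer). The function name `install_sudoers_dropin` and the overridable `SUDOERS_D` and `VISUDO` variables are names introduced here, and staging the candidate inside the target directory is this example's own choice.

```sh
#!/bin/sh
# Added example, not from the answers above. SUDOERS_D and VISUDO are
# overridable names introduced here so the function can be tried on a scratch dir.
SUDOERS_D="${SUDOERS_D:-/etc/sudoers.d}"
VISUDO="${VISUDO:-visudo}"

# install_sudoers_dropin NAME  (candidate rules are read from stdin)
# Returns 0 if installed, 1 if visudo rejected the rules, 2 on a bad NAME.
install_sudoers_dropin() {
    name=$1
    # sudo ignores drop-ins whose names contain '.' or end in '~', so a
    # name outside this set could be installed and then silently skipped.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad drop-in name: $name" >&2; return 2 ;;
    esac

    # Stage next to the target: the dot in the staging name keeps sudo from
    # reading it, and the final mv is an atomic rename on one filesystem.
    tmp=$(mktemp "$SUDOERS_D/.$name.XXXXXX") || return 1
    cat > "$tmp" || { rm -f "$tmp"; return 1; }
    # mktemp creates the file as the calling user (root in real use);
    # 0440 matches the r--r----- mode sudoers files are expected to have.
    chmod 0440 "$tmp"

    if "$VISUDO" -c -q -f "$tmp"; then
        mv -f "$tmp" "$SUDOERS_D/$name"
    else
        rm -f "$tmp"
        echo "visudo rejected rules for $name; nothing installed" >&2
        return 1
    fi
}

# Usage (as root):
#   printf '%s\n' 'deploy ALL=(ALL:ALL) ALL' | install_sudoers_dropin deploy
```

Because a rejected candidate is deleted before it ever gets a name sudo would read, a syntax error never reaches the live configuration.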
  • 2020-12-04 06:42

    Just to add a further option to the answers above, if the race condition is not a major concern, then the following command can be used to avoid manually copying a modified file to /etc/sudoers:

    sudo EDITOR="cp /tmp/sudoers.new" visudo
    

    This will ensure that the new file is validated and installed correctly with permissions updated.

    Note that if there is an error in the /tmp/sudoers.new file then visudo will prompt for user input so it is advisable to check it with visudo -c -f /tmp/sudoers.new first.

  • 2020-12-04 06:45

    visudo is supposed to be the human interface for editing /etc/sudoers. You can achieve the same by replacing the file directly, but you have to take care yourself about concurrent editing and syntax validation. Mind the r--r----- permissions.

  • 2020-12-04 06:46

    Set up a custom editor. Basically it will be a script that accepts the filename (in this case /etc/sudoers.tmp), and modifies and saves that in place. So you could just write out to that file. When you are done, exit the script, and visudo will take care of modifying the actual sudoers file for you.

    sudo EDITOR=/path/to/my_dummy_editor.sh visudo
    