sudoers: NOPASSWD na mesma linha que PASSWD: ALL?

2

Esta combinação é legal:

username ALL=(ALL) NOPASSWD: /usr/bin/foo, PASSWD:ALL

ou eles entram em conflito ou se anulam mutuamente?

    
por dperry1973 27.06.2013 / 19:49

1 resposta

4

Olhando para a sudoers man page , eu diria que você pode fazê-los juntos:

Tag_Spec
  A command may have zero or more tags associated with it.  There are eight
  possible tag values, NOPASSWD, PASSWD, NOEXEC, EXEC, SETENV, NOSETENV,
  LOG_INPUT, NOLOG_INPUT, LOG_OUTPUT and NOLOG_OUTPUT.  Once a tag is set on 
  a Cmnd, subsequent Cmnds in the Cmnd_Spec_List, inherit the tag unless it 
  is overridden by the opposite tag (i.e.: PASSWD overrides NOPASSWD and 
  NOEXEC overrides EXEC).

O PASSWD:ALL substituirá o NOPASSWD depois. Existe até um exemplo que mostra o que você está tentando na man page.

By default, sudo requires that a user authenticate him or herself before running a command. This behavior can be modified via the NOPASSWD tag. Like a Runas_Spec, the NOPASSWD tag sets a default for the commands that follow it in the Cmnd_Spec_List. Conversely, the PASSWD tag can be used to reverse things. For example:

ray     rushmore = NOPASSWD: /bin/kill, PASSWD: /bin/ls, /usr/bin/lprm

Referências

por 27.06.2013 / 20:00

Tags