如何为唯一的python脚本创建guest sudo特权?

时间:2019-06-07 20:19:45

标签: linux permissions

在Raspberry Pi上,我希望来宾用户能够运行一个需要sudo特权的python脚本,而无需使用密码就不需要sudo特权。

我已使用viuser编辑了/ etc / sudoer文件,但未能获得所需的结果。当我以“来宾”身份登录并尝试运行脚本时,计算机要求输入超级用户密码。

编辑后的/ etc / sudoer文件如下:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        
secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$

# Host alias specification

# User alias specification
User_Alias      GROUPONE = guest

# Cmnd alias specification
Cmnd_Alias      SCRIPT = /home/guest/test.py
GROUPONE        ALL = SCRIPT

# User privilege specification
root    ALL=(ALL:ALL) ALL
GROUPONE    ALL = NOPASSWD: /home/guest/test.py

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

python脚本是:

import subprocess
def Go():
    subprocess.call(['sudo','echo', 'Test string'])
if __name == '__main__':
    Go()

“ python test.py”的预期结果是控制台上的“测试字符串”。 而是计算机要求来宾sudo密码。

2 个答案:

答案 0 :(得分:0)

请尝试

modify user <GUEST> to add additional group <sudo>, I think <usermod --group GRP1...>

change group of the script to <sudo> and make group executable <chmod g+x SCRIPT> & < chgrp sudo SCRIPT>

我还没有测试过,但这应该可以工作。

答案 1 :(得分:0)

通过visudo进行的/ etc / sudoers的编辑成功了。 “来宾”可以执行python脚本或bash脚本,以root用户身份调用python脚本,而无需输入密码,但由于没有分配“来宾”密码,因此根本没有其他要求。

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:$

# Host alias specification

# User alias specification    

# Cmnd alias specification
Cmnd_Alias USER_CMDS = /usr/bash, /usr/bin/python, /home/guest/test.py,\
 /home/guest/test_pi.sh


# User privilege specification
root    ALL=(ALL:ALL) ALL
guest   ALL=(ALL) NOPASSWD: USER_CMDS

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d
相关问题
最新问题