当前位置: 文江博客话题详情

通过shell脚本将用户添加到sudoers

发布于 2024-12-25 12:48:06 字数 60 浏览 3 评论 0原文

是否可以通过 shell 脚本将用户添加到 sudoers 文件中? 我环顾四周,仍然没有发现任何东西。

原文

Is it possible to add users to the sudoers file through a shell script?
I've been looking around, still can't find anything.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(11

別甾虛僞 2025-01-01 12:48:06

您可以简单地echo(当然,具有提升的权限)直接到/etc/sudoers文件:(

sudo -i
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers
#             ^^
#             tab

注意用户名和第一个ALL之间的制表符)

或者,对于脚本:

#!/bin/bash
# Run me with superuser privileges
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers

然后保存到 somefile.shchmod a+rx 它,然后运行 ​​sudo ./somefile.sh< /code> 从终端窗口。

要添加多个用户,请将脚本更改为:

#!/bin/bash

while [[ -n $1 ]]; do
    echo "$1    ALL=(ALL:ALL) ALL" >> /etc/sudoers;
    shift # shift all parameters;
done

然后,像这样运行脚本(假设您将其保存为 addsudousers.sh):

sudo ./addsudousers.sh bob joe jeff

即以空格分隔。

要从文件中读取名称:

nickw444@laptop ~ $ sudo ./addsudousers.sh `cat listofusers.txt`

listofusers.txt 也应该以空格分隔。

编辑:贾皮·柯克正确地指出您不能直接调用sudo echo ... >>> /etc/sudoers 因为 >> 重定向是由 shell 处理的,此时 shell 已经删除了超级用户权限。但是,如果您运行包含 echo ... >> 的脚本/etc/sudoers 并且脚本本身具有超级用户权限,一切都应该正常工作。

You could simply echo (with elevated privileges, of course) directly to the /etc/sudoers file:

sudo -i
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers
#             ^^
#             tab

(note the tab character between the username and the first ALL)

Or, for a script:

#!/bin/bash
# Run me with superuser privileges
echo 'nickw444  ALL=(ALL:ALL) ALL' >> /etc/sudoers

Then save to somefile.sh, chmod a+rx it, and run sudo ./somefile.sh from a terminal window.

To add multiple users, change the script to this;

#!/bin/bash

while [[ -n $1 ]]; do
    echo "$1    ALL=(ALL:ALL) ALL" >> /etc/sudoers;
    shift # shift all parameters;
done

Then, run the script like this (assuming you saved it as addsudousers.sh):

sudo ./addsudousers.sh bob joe jeff

that is, space-separated.

To read the names from a file:

nickw444@laptop ~ $ sudo ./addsudousers.sh `cat listofusers.txt`

listofusers.txt should also be space-separated.

Edit: Jappie Kirk rightly points out that you can't directly call sudo echo ... >> /etc/sudoers because the >> redirection is handled by the shell, which has by that point dropped the superuser privileges. However, if you run a script that contains echo ... >> /etc/sudoers and the script itself has superuser privileges, everything should work just fine.

回复 原文
屋顶上的小猫咪 2025-01-01 12:48:06

不,直接 echo 不起作用,您必须在子 shell 中运行它。请尝试以下操作:

sudo sh -c "echo \"group ALL=(user) NOPASSWD: ALL\" >> /etc/sudoers"

No, a straight echo won't work, you have to run it in a subshell. Try this instead:

sudo sh -c "echo \"group ALL=(user) NOPASSWD: ALL\" >> /etc/sudoers"

回复 原文
┾廆蒐ゝ 2025-01-01 12:48:06

还有 sudo 组,您可以向其中添加用户(用于 /etc/sudoers 的常见配置)

adduser [用户名] sudo

There is also the sudo group, and you could add users to it (for common configurations of /etc/sudoers)

adduser [username] sudo

回复 原文
寄与心 2025-01-01 12:48:06

基于 RedHat 的发行版上,使用:

su - root

并输入您的密码,然后:

echo 'YOURUSERNAME ALL=(ALL:ALL) ALL' >> /etc/sudoers

在 sudoers 文件中添加用户。

on RedHat Based Distributions use:

su - root

and enter your password, then :

echo 'YOURUSERNAME ALL=(ALL:ALL) ALL' >> /etc/sudoers

to add the user in sudoers file.

回复 原文
木落 2025-01-01 12:48:06

为了在 shell 脚本中授予用户 sudo 权限 (Unix/Linux),请使用 usermod 函数

sudo usermod -aG sudo <userName>

示例:

sudo usermod -aG sudo johnDoe

用于验证: 使用组功能(显示组成员身份)并在正确的用户下验证 sudo 组。

groups <userName>

示例:

groups johnDoe
#!johnDoe: johnDoe sudo

linux 文档的解释:

usermod 命令修改系统帐户文件以反映在命令行上指定的更改。

-a, --append

将用户添加到补充组。仅与 -G 选项一起使用。

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]

用户也是其成员的补充组的列表。每组是?>分开
从下一个逗号开始,中间没有空格。团体
受到与 -g 给出的组相同的限制
选项。如果用户当前是某个组的成员,但该组不是
列出后,该用户将从该组中删除。这种行为可以是
通过 -a 选项更改,该选项将用户附加到当前
补充组列表。

In order to grant to user sudo permission in shell script (Unix/Linux) use the usermod function:

sudo usermod -aG sudo <userName>

example:

sudo usermod -aG sudo johnDoe

For Verification: use the groups function ( which show the group membership ) and verify the sudo group us under the right user.

groups <userName>

example:

groups johnDoe
#!johnDoe: johnDoe sudo

Explanation from linux documentation:

The usermod command modifies the system account files to reflect the changes that are specified on the command line.

-a, --append

Add the user to the supplementary group(s). Use only with the -G option.

-G, --groups GROUP1[,GROUP2,...[,GROUPN]]]

A list of supplementary groups which the user is also a member of. Each group is ?> separated
from the next by a comma, with no intervening whitespace. The groups
are subject to the same restrictions as the group given with the -g
option. If the user is currently a member of a group which is not
listed, the user will be removed from the group. This behaviour can be
changed via the -a option, which appends the user to the current
supplementary group list.

回复 原文
一曲爱恨情仇 2025-01-01 12:48:06

其他答案(例如生成子 shell)将起作用,但如果您想使用环境变量,则可能不起作用。我发现另一种选择对我来说非常好:

echo "%<user>      ALL=(ALL) ALL" | sudo tee -a /etc/sudoers > /dev/null

话虽这么说,事后看来是 20/20...如果通过脚本而不是通过 visudo 修改 sudoers,我会认真建议首先创建一个具有正确文件权限和内容的备份,因为您可以如果没有 pkexec、物理访问或重新启动等,将失去对任何 sudo 权限的访问。

sudo cp /etc/sudoers /etc/sudoers.bak

Other answers such as spawning a subshell will work, but may not work if you want to use environmental vars. One alternative I found played really nicely for me:

echo "%<user>      ALL=(ALL) ALL" | sudo tee -a /etc/sudoers > /dev/null

This being said, hindsight is 20/20... If modifying sudoers via a script and not via visudo I would seriously recommend creating a backup with the right file permissions and contents first since you can lose access to any sudo rights without pkexec, physical access or a reboot etc.

sudo cp /etc/sudoers /etc/sudoers.bak
回复 原文
世俗缘 2025-01-01 12:48:06

单行创建带有密码的用户并在 sudo 组中。

useradd -p $(openssl passwd -1 密码) 用户名 -s /bin/bash -G sudo

Single line to create user with password and in sudo group.

useradd -p $(openssl passwd -1 PASSWORD) USERNAME -s /bin/bash -G sudo

回复 原文
逆光飞翔i 2025-01-01 12:48:06

在 Debian 和 Ubuntu 中,您可以将用户添加到 /etc/sudoers.d 目录。该目录有一个 README 文件。创建一个名为 99_sudo_include_file 的文件并将其放入 /etc/sudoers.d/ 目录中。删除用户或添加用户很容易,只需创建一个新文件并覆盖旧文件即可。您只需回显新文件并在每次想要更改时覆盖旧文件即可。

echo '#== Visudo Users - All Permissions
#== ==============================
usersam      ALL=(ALL) ALL
userlam      ALL=(ALL) ALL
userfam      ALL=(ALL) ALL

#== Visudo Users - Certain Scripts
#== ==============================
userkam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh
useroam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh
userpam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh

#== Visudo Users - Certain Commands
#== ===============================
userpam      ALL=NOPASSWD: /sbin/reboot, /usr/bin/apt-get
userwam      ALL=NOPASSWD: /sbin/reboot, /usr/bin/apt-get' > /etc/sudoers.d/99_sudo_include_file

这样您就不会触及原始的 /etc/sudoers 文件

In Debian and Ubuntu you can add users to the /etc/sudoers.d directory. The directory has a README file. Create a file called 99_sudo_include_file and drop it in the /etc/sudoers.d/ directory. It's easy to remove users or add users, just create a new file and overwrite the old file. You can simply echo your new file and overwrite the old file each time you want to change it.

echo '#== Visudo Users - All Permissions
#== ==============================
usersam      ALL=(ALL) ALL
userlam      ALL=(ALL) ALL
userfam      ALL=(ALL) ALL

#== Visudo Users - Certain Scripts
#== ==============================
userkam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh
useroam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh
userpam      ALL=NOPASSWD: /path/to/script.sh, /path/to/script2.sh

#== Visudo Users - Certain Commands
#== ===============================
userpam      ALL=NOPASSWD: /sbin/reboot, /usr/bin/apt-get
userwam      ALL=NOPASSWD: /sbin/reboot, /usr/bin/apt-get' > /etc/sudoers.d/99_sudo_include_file

This way you don't touch your original /etc/sudoers file

回复 原文
所有深爱都是秘密 2025-01-01 12:48:06

在不更改 /etc/sudoers 文件的情况下,您还可以通过将用户添加到wheel组(在Fedora、Centos ..上)和sudo组(在Ubuntu ecc..上)来授予sudoer权限。
以下是 Centos 中用户 jdoe 的示例:

$sudo usermod jdoe -G wheel

Without changing the /etc/sudoers file, you can also grant the sudoer privileges by adding the user to the wheel group (on Fedora, Centos ..) and the sudo group (on Ubuntu ecc..).
Here an example with Centos for the user jdoe:

$sudo usermod jdoe -G wheel

回复 原文
眸中客 2025-01-01 12:48:06

以 root 身份登录到您的计算机。 root 用户是唯一有权添加新用户的用户。

登录后,您现在可以尝试以下命令:

  1. 创建新用户。

    adduser [用户名]

  2. 为用户添加密码

    passwd [用户名]

  3. 为用户授予 root 权限
    只需键入

    即可编辑 visudo 文件

    在此处输入代码

即可编辑 visudo 文件找到以下代码行:
root ALL=(ALL) ALL

然后添加以下代码:

[username] ALL=(ALL) ALL

原始帖子将在此链接上找到 Centos 6 – 创建 sudoers 用户

Login as root to your machine. The root user are the only one who has privilege to add new user.

Once you logged-in, you may now try the following commands below:

  1. Create a new user.

    adduser [username]

  2. Add password to user

    passwd [username]

  3. Grant root privileges to user
    Edit the visudo file by simply typing

    enter code here

Find the following line of code:
root ALL=(ALL) ALL

Then add this code below:

[username] ALL=(ALL) ALL

The original post will find on this link Centos 6 – Creating sudoers user

回复 原文
病女 2025-01-01 12:48:06

我想继续将用户添加到 sudoers。
我已经创建了,但问题是当我运行两次 shell 脚本时它会再次添加。

请看下面我的脚本

for i in $(cat users); do

useradd $i

chsh $i /usr/bin/ksh93

echo "user $i added successfully!"

echo $i 'ALL=(ALL)    NOPASSWD: ALL' >> /HAapps/sudoers

echo $i:$i"123" | chpasswd

echo "Password for user $i changed successfully"

done

=============

这是结果

ario1 ALL=(ALL)    NOPASSWD: ALL
ario2 ALL=(ALL)    NOPASSWD: ALL

如何检查或验证用户是否已经存在,因此不需要再次添加?
谢谢大家师父
需要您的建议

I want continue about add user to sudoers.
I already create, but the problem is when I run twice the shell script it will add again.

Please see below my script

for i in $(cat users); do

useradd $i

chsh $i /usr/bin/ksh93

echo "user $i added successfully!"

echo $i 'ALL=(ALL)    NOPASSWD: ALL' >> /HAapps/sudoers

echo $i:$i"123" | chpasswd

echo "Password for user $i changed successfully"

done

=============

this is the result

ario1 ALL=(ALL)    NOPASSWD: ALL
ario2 ALL=(ALL)    NOPASSWD: ALL

How to check or verify if the user already exist, so don't need add again ?
Thank you All Master
Need your advice

回复 原文
~没有更多了~

关于作者

眼眸

暂无简介

文章
评论
562 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

alipaysp_snBf0MSZIv

文章 0 评论 0

梦断已成空

文章 0 评论 0

瞎闹

文章 0 评论 0

凯凯我们等你回来

文章 0 评论 0

寄意

文章 0 评论 0

似梦非梦

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文