linux下,普通用户,sudo时需要密码
改成没密码,
vi /etc/sudoers
在 root ALL=(ALL) ALL后加一行
sysusr ALL=(ALL) NOPASSWD: ALL (92行)
有时将用户设了nopasswd,但无效,原因是被后面的group的设置覆盖了,需要把group的设置也改为nopasswd。
sysusr账号所在组(wheel):见102行,%wheel,设置用户组sudo不加密,保存即可生效。
...
81 ## Next comes the main part: which users can run what software on 82 ## which machines (the sudoers file can be shared between multiple 83 ## systems). 84 ## Syntax: 85 ## 86 ## user MACHINE=COMMANDS 87 ## 88 ## The COMMANDS section may have other options added to it. 89 ## 90 ## Allow root to run any commands anywhere 91 root ALL=(ALL) ALL 92 sysusr ALL=(ALL) NOPASSWD: ALL 93 94 ## Allows members of the 'sys' group to run networking, software, 95 ## service management apps and more. 96 # %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS 97 98 ## Allows people in group wheel to run all commands 99 %wheel ALL=(ALL) ALL 100 101 ## Same thing without a password 102 # %wheel ALL=(ALL) NOPASSWD: ALL //这一行的#要放开,效果上,覆盖99行的设置 103 104 ## Allows members of the users group to mount and unmount the 105 ## cdrom as root 106 # %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom 107 108 ## Allows members of the users group to shutdown this system 109 # %users localhost=/sbin/shutdown -h now 110 111 ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) 112 #includedir /etc/sudoers.d
附录:查看用户所在组的两个方式:
1.groups命令
[sysusr@GCOS 12:15:58]$ groups
sysusr wheel service <~>
2.查看/etc/group
[sysusr@GCOS 12:18:49]$ cat /etc/group|grep sysusr wheel:x:10:sysusr sysusr:x:1000:service,postgres,mysql,nginx,apache service:x:2000:sysusr,postgres,mysql,nginx,apache <~>
参考: