如何从 Bash 脚本中授予用户 SUDO 权限

How to give Users SUDO Permission from Bash Script

我找到了一个 link (),我们可以通过它在 Linux 中创建用户。 问题是所有从此脚本创建的用户都没有 SUDO 权限(root 权限)。请帮助,哪个哪里我可以添加switches/option 这样当我执行下面的脚本时,它会创建具有 SUDO 权限的所有用户。

#!/bin/bash

# NOTE: Be sure to run this script with `sudo`.

# Read user and password
while read iuser ipasswd; do

  # Just print this for debugging.
  printf "\tCreating user: %s with password: %s\n" $iuser $ipasswd

  # Create the user with adduser (you can add whichever option you like).
  useradd -m -s /bin/false $iuser

  # Assign the password to the user.
  # Password is passed via stdin, *twice* (for confirmation).
  passwd $iuser <<< "$ipasswd"$'\n'"$ipasswd"

done < <(paste users.txt passwords.txt)

下面将原代码扩展如下:

  • 它指定了一个(n 个额外的)组来添加用户。

  • 那一组:

    • 可以是一个 现有的 组,假定已启用 sudo,例如 Ubuntu 上的 sudo 组。
    • 如果不存在,则创建它,并通过目录 /etc/sudoers.d/ 中的专用文件启用 sudo - 以该组命名 - 查看代码和 man sudoers详情。
  • 在用户创建循环中,每个新创建的用户都会添加到该组 usermod:
    sudo usermod <user> -G <group>

    • 注意:作为 useradd 调用的一部分,您也应该能够执行此操作。

这应该 sudo- 启用所有新创建的用户。

注:

  • 通过纯文本文件提供密码存在安全风险。
  • 有关用户创建 (while) 循环中使用的技术的说明,请参阅
#!/usr/bin/env bash

# The sudo-enabled user group to add users to.
# Either choose a preexisting one, such as 'sudo' on Ubuntu, or
# specify a new group to create and sudo-enable on demand (see below).
sudoEnabledGroup='foosudo'

# Test if the group exists.
[[ -z $(awk -F: -v g=$sudoEnabledGroup '==g' /etc/group) ]] && groupExists=0 || groupExists=1

# If the group doesn't exist yet, create it on demand and sudo-enable it.
# Note: Deactive this `if` statement, if the group must already exist.
if (( ! groupExists )); then
  printf "Creating group: %s...\n" $sudoEnabledGroup
  # Create the group.
  sudo groupadd $sudoEnabledGroup || exit
  # Sudo-enable it, via a dedicated file in directory /etc/sudoers.d/, named for the group.
  # CAUTION: The following enables the MOST PRIVILEGES POSSIBLE for the given
  #          group. See `man sudoers`, section "SUDOERS FILE FORMAT" for details.
  customSudoerFile=/etc/sudoers.d/$sudoEnabledGroup
  printf "... and sudo-enabling it via file $customSudoerFile.\n" $sudoEnabledGroup
  sudo sh -c "echo '%$sudoEnabledGroup ALL=(ALL:ALL) ALL' >$customSudoerFile"
fi

# Loop over the user names and passwords from the input files.
usersFile="users.txt"
# CAVEAT: Providing passwords via plain-text file is a SECURITY RISK.
passwdFile="passwords.txt"

printf "Creating users from files '%s' and '%s' and assigning them to group '%s'...\n" "$usersFile" "$passwdFile" $sudoEnabledGroup

while read user passwd; do

  printf "  Creating user: %s...\n" $user

  # Create the user.
  sudo useradd -m -s /bin/bash $user || exit

  # Add it to the the sudo-enabled group designated above.
  sudo usermod $user -G $sudoEnabledGroup || exit

  # Assign the password to the user.
  # Password is passed via stdin, *twice* (for confirmation).
  # This will print something like the following:
  #   "Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully"
  # You can suppress with 2>/dev/null, but that would also mask true errors.
  sudo passwd $user <<< "$passwd"$'\n'"$passwd" || exit

done < <(paste "$usersFile" "$passwdFile")

printf 'Done.\n'