如何从 Bash 脚本中授予用户 SUDO 权限
How to give Users SUDO Permission from Bash Script
我找到了一个 link (),我们可以通过它在 Linux 中创建用户。
问题是所有从此脚本创建的用户都没有 SUDO 权限(root 权限)。请帮助,哪个和哪里我可以添加switches/option 这样当我执行下面的脚本时,它会创建具有 SUDO 权限的所有用户。
#!/bin/bash
# NOTE: Be sure to run this script with `sudo`.
# Read user and password
while read iuser ipasswd; do
# Just print this for debugging.
printf "\tCreating user: %s with password: %s\n" $iuser $ipasswd
# Create the user with adduser (you can add whichever option you like).
useradd -m -s /bin/false $iuser
# Assign the password to the user.
# Password is passed via stdin, *twice* (for confirmation).
passwd $iuser <<< "$ipasswd"$'\n'"$ipasswd"
done < <(paste users.txt passwords.txt)
下面将原代码扩展如下:
它指定了一个(n 个额外的)组来添加用户。
那一组:
- 可以是一个 现有的 组,假定已启用
sudo,例如 Ubuntu 上的 sudo 组。
- 如果不存在,则创建它,并通过目录
/etc/sudoers.d/ 中的专用文件启用 sudo - 以该组命名 - 查看代码和 man sudoers详情。
在用户创建循环中,每个新创建的用户都会添加到该组 usermod:
sudo usermod <user> -G <group>
- 注意:作为
useradd 调用的一部分,您也应该能够执行此操作。
这应该 sudo- 启用所有新创建的用户。
注:
- 通过纯文本文件提供密码存在安全风险。
- 有关用户创建 (
while) 循环中使用的技术的说明,请参阅 。
#!/usr/bin/env bash
# The sudo-enabled user group to add users to.
# Either choose a preexisting one, such as 'sudo' on Ubuntu, or
# specify a new group to create and sudo-enable on demand (see below).
sudoEnabledGroup='foosudo'
# Test if the group exists.
[[ -z $(awk -F: -v g=$sudoEnabledGroup '==g' /etc/group) ]] && groupExists=0 || groupExists=1
# If the group doesn't exist yet, create it on demand and sudo-enable it.
# Note: Deactive this `if` statement, if the group must already exist.
if (( ! groupExists )); then
printf "Creating group: %s...\n" $sudoEnabledGroup
# Create the group.
sudo groupadd $sudoEnabledGroup || exit
# Sudo-enable it, via a dedicated file in directory /etc/sudoers.d/, named for the group.
# CAUTION: The following enables the MOST PRIVILEGES POSSIBLE for the given
# group. See `man sudoers`, section "SUDOERS FILE FORMAT" for details.
customSudoerFile=/etc/sudoers.d/$sudoEnabledGroup
printf "... and sudo-enabling it via file $customSudoerFile.\n" $sudoEnabledGroup
sudo sh -c "echo '%$sudoEnabledGroup ALL=(ALL:ALL) ALL' >$customSudoerFile"
fi
# Loop over the user names and passwords from the input files.
usersFile="users.txt"
# CAVEAT: Providing passwords via plain-text file is a SECURITY RISK.
passwdFile="passwords.txt"
printf "Creating users from files '%s' and '%s' and assigning them to group '%s'...\n" "$usersFile" "$passwdFile" $sudoEnabledGroup
while read user passwd; do
printf " Creating user: %s...\n" $user
# Create the user.
sudo useradd -m -s /bin/bash $user || exit
# Add it to the the sudo-enabled group designated above.
sudo usermod $user -G $sudoEnabledGroup || exit
# Assign the password to the user.
# Password is passed via stdin, *twice* (for confirmation).
# This will print something like the following:
# "Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully"
# You can suppress with 2>/dev/null, but that would also mask true errors.
sudo passwd $user <<< "$passwd"$'\n'"$passwd" || exit
done < <(paste "$usersFile" "$passwdFile")
printf 'Done.\n'
我找到了一个 link (
#!/bin/bash
# NOTE: Be sure to run this script with `sudo`.
# Read user and password
while read iuser ipasswd; do
# Just print this for debugging.
printf "\tCreating user: %s with password: %s\n" $iuser $ipasswd
# Create the user with adduser (you can add whichever option you like).
useradd -m -s /bin/false $iuser
# Assign the password to the user.
# Password is passed via stdin, *twice* (for confirmation).
passwd $iuser <<< "$ipasswd"$'\n'"$ipasswd"
done < <(paste users.txt passwords.txt)
下面将原代码扩展如下:
它指定了一个(n 个额外的)组来添加用户。
那一组:
- 可以是一个 现有的 组,假定已启用
sudo,例如 Ubuntu 上的sudo组。 - 如果不存在,则创建它,并通过目录
/etc/sudoers.d/中的专用文件启用sudo- 以该组命名 - 查看代码和man sudoers详情。
- 可以是一个 现有的 组,假定已启用
在用户创建循环中,每个新创建的用户都会添加到该组
usermod:
sudo usermod <user> -G <group>- 注意:作为
useradd调用的一部分,您也应该能够执行此操作。
- 注意:作为
这应该 sudo- 启用所有新创建的用户。
注:
- 通过纯文本文件提供密码存在安全风险。
- 有关用户创建 (
while) 循环中使用的技术的说明,请参阅
#!/usr/bin/env bash
# The sudo-enabled user group to add users to.
# Either choose a preexisting one, such as 'sudo' on Ubuntu, or
# specify a new group to create and sudo-enable on demand (see below).
sudoEnabledGroup='foosudo'
# Test if the group exists.
[[ -z $(awk -F: -v g=$sudoEnabledGroup '==g' /etc/group) ]] && groupExists=0 || groupExists=1
# If the group doesn't exist yet, create it on demand and sudo-enable it.
# Note: Deactive this `if` statement, if the group must already exist.
if (( ! groupExists )); then
printf "Creating group: %s...\n" $sudoEnabledGroup
# Create the group.
sudo groupadd $sudoEnabledGroup || exit
# Sudo-enable it, via a dedicated file in directory /etc/sudoers.d/, named for the group.
# CAUTION: The following enables the MOST PRIVILEGES POSSIBLE for the given
# group. See `man sudoers`, section "SUDOERS FILE FORMAT" for details.
customSudoerFile=/etc/sudoers.d/$sudoEnabledGroup
printf "... and sudo-enabling it via file $customSudoerFile.\n" $sudoEnabledGroup
sudo sh -c "echo '%$sudoEnabledGroup ALL=(ALL:ALL) ALL' >$customSudoerFile"
fi
# Loop over the user names and passwords from the input files.
usersFile="users.txt"
# CAVEAT: Providing passwords via plain-text file is a SECURITY RISK.
passwdFile="passwords.txt"
printf "Creating users from files '%s' and '%s' and assigning them to group '%s'...\n" "$usersFile" "$passwdFile" $sudoEnabledGroup
while read user passwd; do
printf " Creating user: %s...\n" $user
# Create the user.
sudo useradd -m -s /bin/bash $user || exit
# Add it to the the sudo-enabled group designated above.
sudo usermod $user -G $sudoEnabledGroup || exit
# Assign the password to the user.
# Password is passed via stdin, *twice* (for confirmation).
# This will print something like the following:
# "Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully"
# You can suppress with 2>/dev/null, but that would also mask true errors.
sudo passwd $user <<< "$passwd"$'\n'"$passwd" || exit
done < <(paste "$usersFile" "$passwdFile")
printf 'Done.\n'