mar*_*nuy 6 sudo socket gunicorn systemd systemctl
我有一个systemd.socket名为gunicorn.socket,我想在远程服务器上更新一些代码后重新启动。
我已按照允许非 root 用户重新启动服务中详述的步骤操作并systemctl不断询问我的用户密码。这是我尝试systemctl restart gunicorn.socket与 user一起运行时所做的john:
# added an appadmin group to allow the restart command to john
addgroup appadmin
usermod -a -G appadmin john
visudo
在sudoers:
Cmnd_Alias MYAPP_CMNDS = /bin/systemctl start gunicorn.socket, /bin/systemctl stop gunicorn.socket, /bin/systemctl restart gunicorn.socket
%appadmin ALL=(ALL) NOPASSWD: MYAPP_CMNDS
然后sudo systemctl restart gunicorn.socket在服务器上工作正常,但是当我远程尝试时,我得到:
ssh example.com "sudo systemctl restart gunicorn.socket"
Failed to restart gunicorn.socket: Interactive authentication required.
See system logs and 'systemctl status gunicorn.socket' for details.
有任何想法吗?我正在使用 Ubuntu 17.04。
更新:添加完整内容/etc/sudoers:
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Cmnd alias specification
Cmnd_Alias MYAPP_CMNDS = /bin/systemctl start gunicorn.socket, /bin/systemctl stop gunicorn.socket, /bin/systemctl restart gunicorn.socket
%appadmin ALL=(ALL) NOPASSWD: MYAPP_CMNDS
# User privilege specification
root ALL=(ALL:ALL) ALL
john ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
确保 /etc/sudoers 中未设置“requiretty”选项。
有关更多信息,请参阅此问题:https://unix.stackexchange.com/questions/79960/how-to-disable-requiretty-for-a-single-command-in-sudoers