Mount

Want to allow an application to mount a drive on RHEL 8

  • March 3, 2021

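I can mount my drive using sudo mount.cifs … and I can unmount it with sudo umount /mnt/mountpoint

It prompted me for a password, so I changed the sudoers file to NOPASSWD:ALL and now it does not prompt me.

I have an application, and I want anyone who has access to the application to be able to mount the drive when running it, but if I do sudo -u username mount.cifs…. then it prompts me for the user's password when trying to do this. This will all be scripted or run as a command, just as from the command line.

What I need is to give whoever runs the application the ability to at least run the mount command, although I would also like it to be able to create directories (mkdir), so that I can create the mounts from a control file and it can then create the directory and connect based on the parameters given. I have already written the code to check whether the mount exists and to create or connect if it does not, but I do not know how to get around how the sudo command works.

I want to write this so that, each time the resource is unavailable and the mount drops, it does not have to send a message asking someone to log in and do this manually.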

I figured out the way that works best for me.

All the users will be members of the group jbase. You can supply group sudo information in the sudoers file.

I added this line:

%jbase ALL=(ALL) NOPASSWD: /usr/bin/mount, /usr/bin/umount, /usr/sbin/mount.cifs, /usr/bin/mkdir

I can now run sudo mount.cifs …. and nobody in the jbase group is prompted for a password.
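The check-then-mount logic the question describes, written against the passwordless sudo rule above, as an added example that is not part of the original thread. The control-file format, the `MOUNT_ROOT` restriction and all function names are assumptions; because the sudoers rule accepts any arguments, the script validates each field before it reaches sudo.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed control-file format, one mount per line:
#   //server/share  /mnt/name  /absolute/path/to/credentials-file
MOUNT_ROOT=/mnt            # assumption: every mountpoint must live under this directory
DRY_RUN=${DRY_RUN:-1}      # 1 = print the commands only; 0 = execute them through sudo

# Reject anything that could smuggle extra arguments or mount options into the sudo call.
validate_entry() {
    case "$1$2$3" in *[!A-Za-z0-9._/-]*) return 1 ;; esac   # no spaces, commas, quotes
    case "$1" in //?*/?*) ;; *) return 1 ;; esac            # UNC-style //server/share
    case "$2" in "$MOUNT_ROOT"/?*) ;; *) return 1 ;; esac   # stay under MOUNT_ROOT
    case "$2/" in */../*|*/./*) return 1 ;; esac            # no path traversal
    case "$3" in /?*) ;; *) return 1 ;; esac                # absolute credentials path
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Mount one share unless it is already mounted; create the mountpoint if it is missing.
ensure_mount() {
    validate_entry "$1" "$2" "$3" || { echo "rejected: $1 $2 $3" >&2; return 1; }
    if mountpoint -q "$2" 2>/dev/null; then return 0; fi
    [ -d "$2" ] || run sudo -n mkdir -p "$2" || return 1
    # sudo -n fails instead of prompting, so a missing sudoers rule cannot hang a script
    run sudo -n mount.cifs "$1" "$2" -o "credentials=$3"
}

# Process every non-comment line of a control file; non-zero if any entry failed.
process_control_file() {
    rc=0
    while read -r share mp cred; do
        case "$share" in ''|'#'*) continue ;; esac
        ensure_mount "$share" "$mp" "$cred" </dev/null || rc=1
    done < "$1"
    return "$rc"
}

# Constructed sample: the second entry appends an extra mount option and is rejected.
sample=$(mktemp)
printf '%s\n' '# share mountpoint credentials' \
    '//fileserver.example/reports /mnt/reports /etc/cifs/reports.cred' \
    '//fileserver.example/reports /mnt/x /etc/cifs/x.cred,rw' > "$sample"
process_control_file "$sample" || echo "some entries were rejected"
rm -f "$sample"
```

Run it with `DRY_RUN=0` to execute the printed commands instead of only listing them.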

The man page for mount(8) explains what to do.

  Non-superuser mounts
      Normally,  only  the  superuser  can  mount filesystems.  However, when
      fstab contains the user option on a line, anybody can mount the  corre‐
      sponding filesystem.

      Thus, given a line

             /dev/cdrom  /cd  iso9660  ro,user,noauto,unhide

      any  user  can  mount the iso9660 filesystem found on an inserted CDROM
      using the command:

             mount /cd

      Note that mount is very strict about non-root users and all paths spec‐
      ified  on  command line are verified before fstab is parsed or a helper
      program is executed. It's strongly recommended to use  a  valid  mount‐
      point to specify filesystem, otherwise mount may fail. For example it's
      a bad idea to use NFS or CIFS source on command line.

(It may be a bad idea, but it works if your mount command syntax is correct, which is easy.)

      For more details, see fstab(5).  Only the user that mounted a  filesys‐
      tem  can  unmount  it again.  If any user should be able to unmount it,
      then use users instead of user in the fstab line.  The owner option  is
      similar  to the user option, with the restriction that the user must be
      the owner of the special file.  This may be useful e.g. for /dev/fd  if
      a  login script makes the console user owner of this device.  The group
      option is similar, with the restriction that the user must be a  member
      of the group of the special file.

Quoted from: https://serverfault.com/questions/1055843