两个选项之间存在差异:
authenticate
If set,users must authenticate themselves via a password
(or other means of authentication) before they may run commands. This
default may be overridden via the PASSWD and NOPASSWD tags. This flag
is on by default.
passwd_timeout
Number of minutes before the sudo password prompt times
out,or 0 for no timeout. The timeout may include a fractional
component if minute granularity is insufficient,for example 2.5. The
default is 5.
虽然您可以为每个Cmnd_Alias设置两个,但passwd_timeout是您尝试实现的正确选项.
然后,让我们看一下Defaults的语法:
Default_Type ::= 'Defaults' |
'Defaults' '@' Host_List |
'Defaults' ':' User_List |
'Defaults' '!' Cmnd_List |
'Defaults' '>' Runas_List
Default_Entry ::= Default_Type Parameter_List
Parameter_List ::= Parameter |
Parameter ',' Parameter_List
Parameter ::= Parameter '=' Value |
Parameter '+=' Value |
Parameter '-=' Value |
'!'* Parameter
指定Cmnd_List或Cmnd_Alias时需要!前缀,结果:
Cmnd_Alias WITHPW = /usr/bin/rm -R,/usr/sbin/shutdown
Defaults:!WITHPW passwd_timeout=0