我想通过ssh运行sudo命令而不禁用“requiretty”sudo选项.
根据/ etc / sudoers:
#
# Disable "ssh hostname sudo ", because it will show the password in clear.
# You have to run "ssh -t hostname sudo ".
#
Defaults requiretty
通常,“ssh -t”工作正常.我能够运行像whoami这样的命令:
ssh -t 'bnadmin@devgreg' 'sudo whoami'
root
Connection to hostname closed.
除了奇怪的消息“连接到主机名关闭”它工作正常.当我试图触发应该被妖魔化的服务时,问题就来了.如果我通过ssh运行它们,它们就不会启动.
例如tomcat:
ssh -t 'myuser@hostname' 'sudo /usr/local/tomcat/bin/startup.sh'
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/java/latest/
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Connection to hostname closed.
$ssh -t 'myuser@hostname' 'ps aux | grep java'
myuser 21177 0.0 0.1 106096 1380 pts/2 Ss+ 17:25 0:00 bash -c ps aux | grep java
myuser 21185 0.0 0.0 103244 824 pts/2 S+ 17:25 0:00 grep java
Connection to hostname closed.
除了tomcat,我遇到了任何init.d启动脚本的问题.如果我在sudoers文件中注释掉requiretty并且不使用-t ssh选项,那么它就会成功启动.
$ssh 'myuser@hostname' 'sudo /usr/local/tomcat/bin/startup.sh'
$ssh 'myuser@hostname' 'ps aux | grep java'
root 21235 90.8 69.3 3706044 701956 ? Sl 17:30 0:39 /usr/java/latest//bin/java -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -javaagent:/usr/local/tomcat/bin/../spring-instrument-3.1.1.RELEASE.jar -Xms1500m -Xmx2500m -XX:PermSize=256m -Djava.endorsed.dirs=/usr/local/tomcat/endorsed -classpath /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat/temp org.apache.catalina.startup.Bootstrap start
myuser 21279 1.0 0.1 106096 1380 ? Ss 17:30 0:00 bash -c ps aux | grep java
myuser 21287 0.0 0.0 103244 824 ? S 17:30 0:00 grep java
所以我的问题是如何在不禁用requiretty sudo选项的情况下通过ssh触发sudo后台进程?