讓sudo不在輸入密碼

新手涉及到的教学或入门贴,推荐新手必看,版主维护
头像
xiehuoli
帖子: 5941
注册时间: 2006-06-10 8:43
来自: 中国 CS

讓sudo不在輸入密碼

#1

帖子 xiehuoli » 2007-03-20 14:00

論壇很多人問怎麼樣讓sudo記住密碼
我找到以前一個提速腳本
看見可以通過修改/etc/sudoers
sudo vi /etc/sudoers
把/etc/sudoers裡面最後一行
%admin ALL=(ALL)
改為
%admin ALL=(ALL) NOPASSWD: NOPASSWD: ALL

然后强制保存 wq 就OK
以後sudo不在需要密碼
但是個人認為這樣會存在風險
個人建議使用sudo su


ps:把這個提速腳本一起給出
#!/bin/sh

######################################################################################
# faster-dapper.sh - Tweak default settings to speed up Ubuntu 6.06 Dapper Drake #
# Usage: ./faster-dapper.sh as a user in the admin group with full sudo access #
# #
# Version 0.4 written July 8, 2006 by Jeff Schroeder (jeffschroed@gmail.com) #
# License: GNU GPL 2 ONLY. See http://www.fsf.org/licensing/licenses/info/GPLv2.html #
######################################################################################

INSTALLED_DRIVE="`fdisk -l | grep Linux | head -1 | cut -d" " -f1 | cut -d"/" -f3 | sed 's/[1-9]//'`"

# Disable sudo asking for your password for the remainder of the script
sudo sed -ie '/^%admin/s/ALL$/NOPASSWD: ALL/' /etc/sudoers


# Are we running on Dapper?
if ( ! grep "Ubuntu 6.06" /etc/issue >/dev/null 2>&1); then
echo "This script is only intended for Ubuntu 6.06 Dapper Drake"
exit 1
fi

logger " -===== Installation log started on $(date) for faster-dapper.sh =====- " #Logs installation information to /var/log/messages
echo " -===== Installation started on $(date) for faster-dapper.sh =====- "

# Update the system
#sudo apt-get update && sudo apt-get --yes upgrade

# Enable the Completely Fair Queuing Linux process scheduler to handle high CPU usage situations better
if (! grep "elevator=cfq" /boot/grub/menu.lst > /dev/null 2>&1); then
logger " Kernel process scheduler changed to CFQ"
sudo sed -ie '/# defoptions/s/splash/splash elevator=cfq/' /boot/grub/menu.lst
sudo update-grub
else
echo "Kernel process scheduler is already CFQ"
fi

# Preload is an adaptive readahead daemon. Read /usr/share/doc/preload/proposal.txt.gz after installing preload for more info
if [ ! -f /etc/preload.conf ]; then
logger " Installed preload"
sudo apt-get --yes install preload
else
echo "reload already installed"
fi

# Enable prelink which causes big applications like firefox and OO.o to load faster
if (! grep "^PRELINKING=yes" /etc/default/prelink > /dev/null 2>&1); then
logger " Installed prelink"
sudo apt-get --yes install prelink && sudo sed -ie 's/unknown/yes/' /etc/default/prelink

# Uncomment this if you don't keep your computer on all night and want to have prelink run on newly installed software
# NOTE: This makes apt-get upgrade or apt-get dist-upgrade take a loooooong time.
#echo 'DPkg:ost-Invoke {"echo Running prelink, please wait...;/etc/cron.daily/prelink";}' >> /etc/apt/apt.conf

echo -n "Running prelink for the first time so this might take awhile..."
sudo /etc/cron.daily/prelink && echo "done"
else
echo "relinking already enabled"
fi

# Disable ipv6 to improve network responsiveness and speed dhcp lease negotiation at boot time
if [ -d /etc/modprobe.d ]; then
if ( ! grep "net-pf-10 off" /etc/modprobe.d/aliases > /dev/null 2>&1 ); then
logger " Disabled ipv6"
sudo -u root echo "alias net-pf-10 off" >> /etc/modprobe.d/aliases
fi
if ( ! grep "ipv6 off" /etc/modprobe.d/aliases > /dev/null 2>&1 ); then
logger " Disabled ipv6 alias"
sudo -u root echo "alias ipv6 off" >> /etc/modprobe.d/aliases
fi
fi

# Speed up gnome a bit
logger " Improved gnome speed"
gconftool-2 --set --type boolean /desktop/gnome/interface/enable_animations false
gconftool-2 --set --type boolean /apps/panel/global/enable_animations false
gconftool-2 --set --type string /apps/nautilus/preferences/preview_sound never
#gconftool-2 --set --type string /apps/nautilus/preferences/show_p_w_picpath_thumbnails never
#gconftool-2 --set --type string /apps/nautilus/preferences/show_icon_text never

# Performance tweak to speed up your hard drive
#logger " Enabled IDE hard disk tweaks"
#sudo /sbin/hdparm -u1 -m16 -c1 -A1 -a64 -d1 -K1 $INSTALLED_DRIVE > /dev/null

# Performance tweak to speed up ext3 partitions with lots of files
#for volume in $(mount 2> /dev/null| grep ext3 | awk '{print $1}'); do
# logger " Enabled dir_index ext3 option for $volume"
# sudo tune2fs -O dir_index "$volume"
#done

# Enable dash as /bin/sh to run shell scripts instead of bloated bash
# See
#if ( ! dpkg -l dash >/dev/null 2>&1 ); then
# sudo apt-get install dash && sudo update-alternatives --install /bin/sh sh /bin/dash 1
#else
# sudo update-alternatives --install /bin/sh sh /bin/dash 1
#fi

# Disable unnecessary services.
# Remove any of these if you use them: hplip: hp printers, bluez-utils: bluetooth, pppd-dns: dialup users.
for service in hplip ppp festival bluez-utils mdadm apmd brltty lvm evms pppd-dns waitnfs.sh; do
logger " Disabled service $service"
sudo /etc/init.d/$service stop
sudo update-rc.d -f $service remove
done

# Disable more unnecessary services if the computer is not a laptop
# Comment out this section if you are using a laptop
for service in laptop-mode pcmcia pcmciautils; do
logger " Disabled service $service"
sudo /etc/init.d/$service remove
sudo update-rc.d -f $service remove
done


# Re-enable password prompts for users in the admin group running sudo
#sudo sed -ie '/NOPASSWD/s/NOPASSWD: //' /etc/sudoers

logger " -===== Installation log finished on $(date) for faster-dapper.sh =====- "
echo " -===== Installation finished on $(date) for faster-dapper.sh =====- "

echo " "
echo "Your installation of Ubuntu 6.06 Dapper Drake should run faster now..."
echo "lease reboot your computer for some changes to take affect."
上次由 xiehuoli 在 2007-06-07 11:18,总共编辑 5 次。
年轻没有失败! ! ! ! ! !
噢!有怪兽,有怪兽!
头像
xiehuoli
帖子: 5941
注册时间: 2006-06-10 8:43
来自: 中国 CS

#2

帖子 xiehuoli » 2007-03-20 14:03

小小请求,
请求qinqin加入到
[教学]ubuntu常见问题指南 新手发问前必看
里面 :em02
年轻没有失败! ! ! ! ! !
噢!有怪兽,有怪兽!
头像
zhuqin_83
帖子: 10606
注册时间: 2006-05-13 4:02
联系:

#3

帖子 zhuqin_83 » 2007-03-20 14:17

你去加好了,我不介意的。 :D
HP Pavilion DV6-2064CA: AMD Turion II Ultra Dual-Core Mobile M640, HD4650, 2GBx2 DDR2-800, Seagate 500GB 7200RPM SATA, BD-ROM
DELL UltraSharp 2209WA
Arch64, Testing repo
头像
xiehuoli
帖子: 5941
注册时间: 2006-06-10 8:43
来自: 中国 CS

#4

帖子 xiehuoli » 2007-03-20 14:18

zhuqin_83 写了:你去加好了,我不介意的。 :D
人家不好意思赛
:em03
年轻没有失败! ! ! ! ! !
噢!有怪兽,有怪兽!
头像
zhuqin_83
帖子: 10606
注册时间: 2006-05-13 4:02
联系:

#5

帖子 zhuqin_83 » 2007-03-20 14:19

我明天再弄,睡了。
HP Pavilion DV6-2064CA: AMD Turion II Ultra Dual-Core Mobile M640, HD4650, 2GBx2 DDR2-800, Seagate 500GB 7200RPM SATA, BD-ROM
DELL UltraSharp 2209WA
Arch64, Testing repo
头像
skyx
论坛版主
帖子: 9202
注册时间: 2006-12-23 13:46
来自: Azores Islands
联系:

#6

帖子 skyx » 2007-03-20 14:19

在我的ubuntu上设为自动登陆(不是root自动登陆)就可以了
no security measure is worth anything if an attacker has physical access to the machine
头像
xiehuoli
帖子: 5941
注册时间: 2006-06-10 8:43
来自: 中国 CS

#7

帖子 xiehuoli » 2007-03-20 14:31

skyx 写了:在我的ubuntu上设为自动登陆(不是root自动登陆)就可以了
方法有很多
这个也是一个办法
但是个人感觉用自动登录还是有点风险
最好还是用sudo su
年轻没有失败! ! ! ! ! !
噢!有怪兽,有怪兽!
雕啸长空
帖子: 1897
注册时间: 2006-09-12 14:09

#8

帖子 雕啸长空 » 2007-03-20 14:36

sudo 不用输入密码,还不如直接用root登录得了......
Fair winds and following seas !
头像
xiehuoli
帖子: 5941
注册时间: 2006-06-10 8:43
来自: 中国 CS

#9

帖子 xiehuoli » 2007-03-20 14:37

雕啸长空 写了:sudo 不用输入密码,还不如直接用root登录得了......
这样比root登录又安全那么一点点
呵呵
年轻没有失败! ! ! ! ! !
噢!有怪兽,有怪兽!
雕啸长空
帖子: 1897
注册时间: 2006-09-12 14:09

#10

帖子 雕啸长空 » 2007-03-20 15:00

感觉应该安全不到哪里去吧,毕竟CLI下面的操作杀伤力远远强于GUI啊
Fair winds and following seas !
头像
dogfox
论坛版主
帖子: 5311
注册时间: 2006-09-02 14:18
来自: 汉桑城
联系:

#11

帖子 dogfox » 2007-03-20 18:11

没兴趣
现在很少弄软件的
我都是尽量少用或不用sudo
全世界linux爱好者联合起来 !
头像
puras
帖子: 95
注册时间: 2007-03-27 19:36

#12

帖子 puras » 2007-04-02 20:37

:oops: 修改完了不知道为什么出错咧。
惨了。。。
现在sudoers文件打不开。
执行命令又说:xxx is not allowed to run sudo on puras-desktop. This incident will be reported.
头像
adqin
帖子: 1417
注册时间: 2007-01-24 22:07
来自: http://adqin.cn
联系:

#13

帖子 adqin » 2007-04-02 20:52

输个密码也嫌麻烦么?我觉得sudo 然后输入密码很酷的。
看谁什么多得输个密码来确定下么?
我就是要摆给别人看的。
头像
bones7456
帖子: 8495
注册时间: 2006-04-12 20:05
来自: 杭州
联系:

#14

帖子 bones7456 » 2007-04-02 21:36

呵呵,还是输一下密码比较好。
关注我的blog: ε==3
头像
dogfox
论坛版主
帖子: 5311
注册时间: 2006-09-02 14:18
来自: 汉桑城
联系:

#15

帖子 dogfox » 2007-04-02 22:32

bones7456 写了:呵呵,还是输一下密码比较好。
应该从常人的角度看待lz非常人的文章
其实
这叫高水平的水贴
全世界linux爱好者联合起来 !
回复