Regex pattern to edit /etc/sudoers file

2020-07-09 07:15发布

问题:

I want to remove (uncommnet #) wheel group in /etc/sudoers file so what would be the Regex pattern i should use?

#cat /etc/sudoers
....
....
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS

## Allows people in group wheel to run all commands
# %wheel        ALL=(ALL)       ALL

## Same thing without a password
# %wheel  ALL=(ALL)       NOPASSWD: ALL

....
....

I want to remove # from following line.

...
# %wheel  ALL=(ALL)       NOPASSWD: ALL
...

回答1:

You shouldn't edit the /etc/sudoers file with any sort of script. There's a reason for the visudo command. Edits to the sudoers file should be rare and well-controlled.

That being said, if your editor for the visudo command is vi, you can run something like :%s/^# %wheel/%wheel/ to uncomment all of the lines what start with %wheel.

Or, if you reeeeeeally think it's necessary:

sudo sed --in-place 's/^#\s*\(%wheel\s\+ALL=(ALL)\s\+NOPASSWD:\s\+ALL\)/\1/' /etc/sudoers

Run it without the --in-place first to check the output. Use it at your own risk.



回答2:

No need to use sed. On centos you can simply create file at /etc/sudoers.d/

echo 'myuser ALL=(ALL) NOPASSWD: ALL' >> ./myuser
sudo chown root:root ./myuser
sudo mv ./myuser /etc/sudoers.d/

This will enable sudo without password for myuser. Check this for more information: https://unix.stackexchange.com/questions/375433/etc-sudoers-vs-etc-sudoers-d-file-for-enabling-sudo-for-a-user



回答3:

The following should work:

sed -i 's/^#\s*\(%wheel\s*ALL=(ALL)\s*NOPASSWD:\s*ALL\)/\1/' /etc/sudoers