[weasel@darwyn ~]$ uname -a
Linux darwyn 5.3.7-arch1-1-ARCH #1 SMP PREEMPT Fri Oct 18 00:17:03 UTC 2019 x86_64 GNU/Linux
nginx version: nginx/1.16.1
PHP 7.3.10 (cli) (built: Sep 26 2019 13:40:03) ( NTS )
Username: http
UID: 33
Gecos field:
Home directory: /srv/http
Shell: /usr/bin/nologin
No login: yes
Primary group: http
GID: 33
Hushed: no
Running processes: 3
Last logs:
09:29 sudo[648]: pam_unix(sudo:auth): auth could not identify password for [http]
09:29 sudo[649]: pam_unix(sudo:account): account http has expired (account expired)
09:29 sudo[650]: pam_unix(sudo:account): account http has expired (account expired)
Steps I have taken to resolve this issue:
I have enabled debugging in PHP.
/var/log/php-fpm.log tells me the call is being started, but a password is required:
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper"
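I made changes with visudo.
From similar questions, I learned that the sudoers file gives precedence to the last configuration relevant to the user. So at first: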
root ALL=(ALL) ALL
weasel ALL=(ALL) ALL
http ALL=(ALL) NOPASSWD: /usr/local/bin/blacklist_ip, /usr/bin/iptables
I moved the entry to:
root ALL=(ALL) ALL
weasel ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Relocated user http permissions for testing
http ALL=(ALL) NOPASSWD: /usr/local/bin/blacklist_ip, /usr/bin/iptables
## Read drop-in files from /etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /etc/sudoers.d
exec("sudo blacklist_ip 185.189.12.135");
shell_exec("sudo blacklist_ip 185.189.12.135");
return:
"sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper"
exec("blacklist_ip 185.189.12.135");
shell_exec("blacklist_ip 185.189.12.135");
exec("/usr/bin/iptables -A INPUT -s 185.189.12.135 -j DROP");
shell_exec("/usr/bin/iptables -A INPUT -s 185.189.12.135 -j DROP");
return:
"Fatal: can't open lock file /run/xtables.lock: Permission denied"
exec("sudo /usr/bin/iptables -A INPUT -s 185.189.12.135 -j DROP");
shell_exec("sudo /usr/bin/iptables -A INPUT -s 185.189.12.135 -j DROP");
return:
"sudo: Account expired or PAM config lacks an "account" section for sudo, contact your system administrator"
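(Q) sudo says 'Account expired or PAM config lacks an "account" section for sudo, contact your system administrator' and exits, but I know my account has not expired. (A) The PAM configuration lacks an "account" specification. On Linux, this usually means you are missing a line like:
account required pam_unix.so
in /etc/pam.d/sudo.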
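
The `pam_unix(sudo:account)` log lines above report the `http` account as expired; account expiry is stored in the eighth field of the user's shadow(5) entry as days since 1970-01-01. The following is an added example, not part of the original post: the function name `shadow_expiry_status` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Classify the account-expiry field (field 8) of one shadow(5) entry.
# Usage: shadow_expiry_status '<shadow line>' [today_as_days_since_epoch]
# Prints: never | active:<days left> | expired:<days ago> | malformed
shadow_expiry_status() {
    ses_entry=$1
    # Default "today" to the current date expressed in whole days.
    ses_today=${2:-$(( $(date +%s) / 86400 ))}
    printf '%s\n' "$ses_entry" | awk -F: -v today="$ses_today" '
        NF != 9          { print "malformed"; exit }  # shadow has 9 fields
        $8 == ""         { print "never"; exit }      # empty = no expiry set
        $8 !~ /^[0-9]+$/ { print "malformed"; exit }
        today >= $8 + 0  { print "expired:" (today - $8); exit }
                         { print "active:" ($8 - today) }
    '
}

# Constructed sample entries (not taken from the system in the post).
SAMPLE_EXPIRED='http:!:18000:::::18100:'
SAMPLE_NEVER='http:!:18000::::::'

# Evaluate both samples against a fixed day number so the output is stable.
echo "expired sample: $(shadow_expiry_status "$SAMPLE_EXPIRED" 18187)"
echo "never sample:   $(shadow_expiry_status "$SAMPLE_NEVER" 18187)"

# On a live host, reading the shadow database needs root:
#   shadow_expiry_status "$(getent shadow http)"
```

`chage -l http` shows the same field in human-readable form, and `chage -E -1 http` clears an expiry date that was set on the account.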