2013-03-28

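How to start/stop/restart a service as a specific user and log this action?

I want to run my script, /sbin/service storm start, as the storm_deployer user. So for this, I created a user storm_deployer and added it to /etc/sudoers: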

hornet_deployer ALL=(ALL) NOPASSWD:/sbin/service 

And in /etc/init.d:

#!/bin/bash 
#=================================================================================== 
#FILE: storm 
#USAGE: storm [start] [stop] [status] 
#DESCRIPTION: storm start, stop, restart service 
# 
#OPTIONS: 
# REQUIREMENTS: --- 
# BUGS: --- 
# NOTES: --- 
# 
#AUTHOR: Valter Henrique, [email protected] 
#COMPANY: company 
#VERSION: 1.0 
#CREATED: 03.27.13 
#REVISION: 03.27.13 
#=================================================================================== 
# 
# chkconfig: 345 90 12 
# description: storm start, stop, restart service 
# processname: storm 
# 
# Get function from functions library 
. /etc/init.d/functions 

folder=/company/storm/bin #folder to the application 
service="storm" #name of the service 

startup=$folder/run.sh 
shutdown=$folder/stop.sh 
deployer=storm_deployer 
process="63987524-22fc-4674-8896-11230716bc62" 

#=== FUNCTION ================================================================ 
# 
#NAME: start 
# DESCRIPTION: Start the service storm 
# PARAMETER 1: --- 
#=============================================================================== 
start() { 

    #---------------------------------------------------------------------- 
    # getting the process PID 
    #---------------------------------------------------------------------- 
    pid_process=`ps -ef | grep $process | grep -v grep |awk -F' ' '{ print $2 }'`; 

    if [ -n "$pid_process" ]; then 
    echo "#######################" 
    echo "$service is running!" 
    echo "Stop then first!" 
    echo "#######################" 
    else 
    action $"Starting $service: " su - $deployer -c $startup 
    RETVAL=$? 
    fi 
} 

#=== FUNCTION ================================================================ 
# 
#NAME: stop 
# DESCRIPTION: Stop the service storm 
# PARAMETER 1: --- 
#=============================================================================== 
stop() { 

    #---------------------------------------------------------------------- 
    # getting the process PID 
    #---------------------------------------------------------------------- 
    pid_process=`ps -ef | grep $process | grep -v grep |awk -F' ' '{ print $2 }'`; 

    if [ -n "$pid_process" ]; then 
    action $"Stopping $service: " su - $deployer -c $shutdown 
    RETVAL=$? 
    else 
    echo "#######################" 
    echo "$service is not running" 
    echo "#######################" 
    fi 
} 

#=== FUNCTION ================================================================ 
# 
# NAME: status 
# DESCRIPTION: Status of the service 
# PARAMETER 1: --- 
#=============================================================================== 
status() { 

    #---------------------------------------------------------------------- 
    # getting the process PID 
    #---------------------------------------------------------------------- 
    pid_process=`ps -ef | grep $process | grep -v grep |awk -F' ' '{ print $2 }'`; 

    if [ -n "$pid_process" ]; then 
    echo "#######################" 
    echo "$service is RUNNING" 
    echo "#######################" 
    else 
    echo "#######################" 
    echo "$service is NOT RUNNING" 
    echo "#######################" 
    fi 
} 

#---------------------------------------------------------------------- 
# Main Logic 
#---------------------------------------------------------------------- 
case "$1" in 
    start) 
     start 
     ;; 
    stop) 
     stop 
     ;; 
    status) 
     status 
     ;; 
    restart|reload|condrestart) 
     stop 
     start 
     ;; 
    *) 
     echo $"Usage: $0 {start|stop|restart|reload|status}" 
     exit 1 
esac 
exit 0 

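I created this script, storm, so I log in as the user storm_deployer with sudo su storm_deployer and run /sbin/service hornet start, but it keeps asking for a password every time I run this service.

Update

My /etc/sudoers file: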

## Sudoers allows particular users to run various commands as 
## the root user, without needing the root password. 
## 
## Examples are provided at the bottom of the file for collections 
## of related commands, which can then be delegated out to particular 
## users or groups. 
## 
## This file must be edited with the 'visudo' command. 

## Host Aliases 
## Groups of machines. You may prefer to use hostnames (perhap using 
## wildcards for entire domains) or IP addresses instead. 
# Host_Alias  FILESERVERS = fs1, fs2 
# Host_Alias  MAILSERVERS = smtp, smtp2 

## User Aliases 
## These aren't often necessary, as you can use regular groups 
## (ie, from files, LDAP, NIS, etc) in this file - just use %groupname 
## rather than USERALIAS 
# User_Alias ADMINS = jsmith, mikem 


## Command Aliases 
## These are groups of related commands... 

## Networking 
#Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net, /sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool 

## Installation and management of software 
#Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum 

## Services 
#Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig 

## Updating the locate database 
#Cmnd_Alias LOCATE = /usr/bin/updatedb 

## Storage 
#Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount, /bin/umount 

## Delegating permissions 
#Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp 

## Processes 
#Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall 

## Drivers 
#Cmnd_Alias DRIVERS = /sbin/modprobe 

# Defaults specification 

# 
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear. 
#   You have to run "ssh -t hostname sudo <cmd>". 
# 
#Defaults requiretty 
# 
# Refuse to run if unable to disable echo on the tty. This setting should also be 
# changed in order to be able to use sudo without a tty. See requiretty above. 
# 
Defaults !visiblepw 

Defaults env_reset 
Defaults env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR \ 
         LS_COLORS MAIL PS1 PS2 QTDIR USERNAME \ 
         LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION \ 
         LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC \ 
         LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS \ 
         _XKB_CHARSET XAUTHORITY" 

## Next comes the main part: which users can run what software on 
## which machines (the sudoers file can be shared between multiple 
## systems). 
## Syntax: 
## 
##  user MACHINE=COMMANDS 
## 
## The COMMANDS section may have other options added to it. 
## 
## Allow root to run any commands anywhere 
root ALL=(ALL)  ALL 

User_Alias SUPERADMIN = %superadmin 

SUPERADMIN ALL=(ALL) NOPASSWD: ALL 
hornet_deployer ALL=(ALL) NOPASSWD:/sbin/service 

## Allows members of the 'sys' group to run networking, software, 
## service management apps and more. 
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE, DRIVERS 

## Allows people in group wheel to run all commands 
# %wheel  ALL=(ALL)  ALL 

## Same thing without a password 
# %wheel  ALL=(ALL)  NOPASSWD: ALL 

## Allows members of the users group to mount and unmount the 
## cdrom as root 
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom 

## Allows members of the users group to shutdown this system 
# %users localhost=/sbin/shutdown -h now 
nagios ALL=(ALL) NOPASSWD:/bin/touch, /bin/rm 
User_Alias SUPERSUDOERS = %supersudoers 
SUPERSUDOERS ALL=NOPASSWD:/usr/sbin/tcpdump,/sbin/service,/usr/bin/kill,/usr/bin/killall,/usr/bin/iptraf 

Why would you add 'hornet_deployer' to 'sudoers' if the user you want to give permissions to is 'storm_deployer'? – fedorqui

Answer

1

This line in your sudoers file:

hornet_deployer ALL=(ALL) NOPASSWD:/sbin/service 

Is it after all the other groups/users, or something like this (in between)?

root ALL=(ALL:ALL) ALL 
hornet_deployer ALL=(ALL) NOPASSWD:/sbin/service 
%admin ALL=(ALL) ALL 
%sudo ALL=(ALL:ALL) ALL 

Yes, it is. I updated my post to show it. –
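
Added example (not part of the original posts): a simplified sudoers lookup illustrating the two points raised in this thread, that an entry only applies to the name it is written for, and that when several entries match, sudo applies the last one. The function name effective_rule, the sample file and the caller-supplied group list are assumptions of this sketch; aliases, hosts, includes and command arguments are not resolved.

```shell
#!/bin/sh
# Added example, not from the original post. Simplified: no alias, host,
# include or per-command tag handling; commands are compared by exact path.

# Constructed sample modelled on the entries quoted in the answer.
sample_sudoers() {
cat <<'EOF'
root ALL=(ALL:ALL) ALL
hornet_deployer ALL=(ALL) NOPASSWD:/sbin/service
%admin ALL=(ALL) ALL
EOF
}

# effective_rule "PRINCIPALS" COMMAND [FILE]
# PRINCIPALS: the user name plus any %groups the caller says it belongs to
# (group membership is supplied by the caller, not looked up).
# Prints NOPASSWD or PASSWD with the line number of the LAST matching entry
# (sudo applies the last match), or "none" when nothing matches.
# FILE defaults to /etc/sudoers; pass "-" to read standard input.
effective_rule() {
    awk -v who="$1" -v cmd="$2" '
        BEGIN { n = split(who, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        ($1 in want) {
            spec = $0
            sub(/^[^=]*=/, "", spec)             # drop "principal host ="
            sub(/^[ \t]*\([^)]*\)/, "", spec)    # drop "(runas)"
            tag = (spec ~ /NOPASSWD[ \t]*:/) ? "NOPASSWD" : "PASSWD"
            gsub(/[A-Z_]+[ \t]*:/, "", spec)     # drop tags such as NOPASSWD:
            m = split(spec, cmds, ",")
            for (i = 1; i <= m; i++) {
                c = cmds[i]
                gsub(/^[ \t]+|[ \t]+$/, "", c)   # trim surrounding blanks
                if (c == cmd || c == "ALL") result = tag " line " NR
            }
        }
        END { print (result == "" ? "none" : result) }
    ' "${3:-/etc/sudoers}"
}
```

For example, `sample_sudoers | effective_rule storm_deployer /sbin/service -` reports that no entry names storm_deployer, which is why sudo falls back to asking for a password.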
