bash – Shell脚本 – Sudo权限随着时间的推移而丢失
发布时间:2020-12-15 19:00:33 所属栏目:安全 来源:网络整理
导读:我做了一个简单的bash脚本,需要在整个脚本中保持它的超级用户权限.不幸的是,但是可以理解的是,当睡眠发生时,脚本会失去其sudo-eleveted权限.对我不好: sudo echo "I am sudo!" # Asks for passwordssleep(60)sudo echo "I am sudo!" # Need to enter passwo
|
我做了一个简单的bash脚本,需要在整个脚本中保持它的超级用户权限.不幸的是,但是可以理解的是,当睡眠发生时,脚本会失去其sudo-eleveted权限.对我不好:
sudo echo "I am sudo!" # Asks for passwords sleep(60) sudo echo "I am sudo!" # Need to enter password again. 我想用一个保持sudo活着的while循环替换睡眠,但我很确定有更好的选项可以让sudo-permissions保留在整个脚本中? 谢谢
sudo的灵活性被广泛低估.这导致非常糟糕的做法(如sudo su – canon-ball手术方法).
更好的方法是特定地允许您打算允许的命令而不使用密码: phill = NOPASSWD: /bin/ls,/usr/bin/lprm 您可以选择对作为特定管理员用户运行的特定主机的特定用户执行此操作.您甚至可以阻止用户将shell转义作为参数传递.您可以使sudo阻止已启动的程序动态执行其他应用程序等.您将需要read the man-page for sudoers (and be sure to read the procedures for editing this special file!). 这是一种小小的品味,(from here): User_Alias OPERATORS = joe,mike,jude Runas_Alias OP = root,operator Host_Alias OFNET = 10.1.2.0/255.255.255.0 Cmnd_Alias PRINTING = /usr/sbin/lpc,/usr/bin/lprm OPERATORS ALL=ALL #The users in the OPERATORS group can run any command from any terminal. linus ALL=(OP) ALL # The user linus can run any command from any terminal as any user in the OP group (root or operator). user2 OFNET=(ALL) ALL # user user2 may run any command from any machine in the OFNET network,as any user. user3 ALL= PRINTING # user user3 may run lpc and lprm from any machine. go2linux ALL=(ALL) ALL # user go2linux may run any command from any machine acting as any user. (like Ubuntu) If you want not to be asked for a password use this form go2linux ALL=(ALL) ALL NO PASSWD: ALL (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |