[英]Confused on sudo vs su and running scripts
When I do sudo su - john
I become user john
without asking for a password. 当我执行
sudo su - john
john
无需输入密码即可成为用户john
。
But when I do: sudo su - john /usr/share/script_to_run.pl
I am asked for a password. 但是当我这样做时:
sudo su - john /usr/share/script_to_run.pl
我被要求输入密码。 Same also for sudo -u john /usr/share/script_to_run.pl
sudo -u john /usr/share/script_to_run.pl
Why? 为什么? What am I doing wrong here?
我在这里做错了什么?
Now, first of all, the -
means that you want a login shell. 现在,首先,
-
表示您需要登录shell。 The first statement means that you want to, as root (hence the sudo
), want to make it appear as you logged in as john
. 第一条语句表示您希望以root用户身份(因此为
sudo
)在您以john
登录时显示。 Somewhere it is configured that the user you are currently logged in as has the rights to do sudo without using a password. 在某处已配置为您当前登录的用户有权在不使用密码的情况下执行sudo。
What happens in the first instance is that you execute one command su - john
(meaning "log me in as john
), and you do that as root (since you put sudo
first). Your current user has sudo-without-password-rights, and root has the right to become any user. 在第一个实例中发生的事情是,您执行一个命令
su - john
(意思是“以john
登录”),并且您以root身份执行(因为您先放置了sudo
)。您当前的用户拥有sudo-without-password-rights ,root有权成为任何用户。
The second try is wrong. 第二次尝试是错误的。 You can't use
su
to execute a command in that way, and when you want su to execute a single command, I see no reason to make it a login shell. 您不能以这种方式使用
su
执行命令,并且当您希望su执行单个命令时,我认为没有理由将其设为登录shell。
In the third option, you (as the currently logged in user) want to "become" john
for one command. 在第三个选项中,您(作为当前登录用户)希望“成为”
john
的一个命令。 For that, you will need john
s password. 为此,您将需要
john
的密码。 (When you do this as root
, however, you don't need the password.) (但是,以
root
身份执行此操作时,则不需要密码。)
To make it work you could probably try 为了使其正常工作,您可以尝试
sudo su --command="/usr/share/script_to_run.pl" john
or maybe even the more exotic looking 甚至看起来更奇特
sudo sudo -u john /usr/share/script_to_run.pl
"sudo" was designed to give all the functionality of "su", but not require them to use the other user's password. “ sudo”旨在提供“ su”的所有功能,但不要求他们使用其他用户的密码。 The answers you need are within the /etc/sudoers file, editable with the "sudo visudo" command.
您需要的答案在/ etc / sudoers文件中,可使用“ sudo visudo”命令进行编辑。 here you will find that you can make your user not require a password:
在这里您会发现您可以使您的用户不需要密码:
cratylus ALL=(ALL) NOPASSWD: ALL
thence submit queries with 从那里提交查询
sudo -u cratylus the statement
note: don't quote the statement - you only do this for the "su -c" command. 注意:请勿引用该语句-您只能对“ su -c”命令执行此操作。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.