简体繁体 English

如何在Mac中运行没有密码的Sudo代码

[英]How to run Sudo code without password in mac

原文 2016-02-26 06:37:01 5 1 macos/ terminal/ sudo

I want to run "sudo rm ing /tmp/instruments_sock" in terminal. 我想在终端中运行“ sudo rm ing / tmp / instruments_sock”。 I am doing this through code using robotil jar. 我正在通过使用robotil jar的代码来执行此操作。 But I am not able to enter password. 但是我无法输入密码。 Is there any way that I run this command without asking for password in mac.!! 有什么办法可以运行此命令而无需在Mac中输入密码！！ I want to remove password ONLY for this command. 我只想删除此命令的密码。

1 个解决方案

If you want to perform a single privileged task without a password, the best way is probably to use a setuid binary. 如果要执行没有密码的单个特权任务，最好的方法可能是使用setuid二进制文件。

In short, you make a tiny program that does what you want. 简而言之，您可以创建一个小型程序，它可以满足您的需求。 You then give the program root privileges by setting its owner to root and enabling the setuid bit. 然后，您可以通过将程序的所有者设置为root并启用setuid位来赋予程序root特权。

A very important warning : Don't just call system("rm /tmp/something") in your setuid binary! 一个非常重要的警告 ：不要只在setuid二进制文件中调用system("rm /tmp/something") ！ That is a classic security bug. 那是一个经典的安全漏洞。 Unclean environment variables (such as PATH) can hijack the command. 不干净的环境变量（例如PATH）会劫持该命令。 There's a short introduction to the security problem in the wikipedia link above. 上面的Wikipedia链接中有安全问题的简短介绍。

Instead of using system(), the easiest and safest way is to use the language's own file handling libraries. 最简单，最安全的方法不是使用system（），而是使用该语言自己的文件处理库。 If you aren't 100% sure about what you are doing, avoid running shell commands from your binary. 如果您不确定自己在做什么，请避免从二进制文件中运行Shell命令。