[英]How to execute 'iftop' without sudo
I have a script that runs iftop
in text mode, cuts down the output to what I'm concerned in, and saves it to a text file along with the output of the date
command (I am monitoring network usage on various interfaces over time). 我有一个在文本模式下运行iftop
的脚本,将输出减少到我关注的内容,并将其与date
命令的输出一起保存到文本文件中(我随着时间的推移监视各种接口上的网络使用情况) 。 Only problem I'm having is I'm trying to run my script every 15 minutes via the crontab, and in order to run the iftop
command I need sudo permissions. 我遇到的唯一问题是我试图通过crontab每15分钟运行一次脚本,为了运行iftop
命令,我需要sudo权限。 Does anyone know some way to change the permissions of iftop
to make it so I don't need sudo permissions? 有没有人知道改变iftop
权限的方法,以便我不需要sudo权限?
Alternatively if I can give the script the ability to run the command with sudo that would be fine by me as well. 或者,如果我可以让脚本能够使用sudo运行命令,我也可以。 I tried adding the script to the sudoers file via sudo visudo
and adding the line: 我尝试通过sudo visudo
将脚本添加到sudoers文件并添加以下行:
user ALL=(ALL) NOPASSWD: /home/user/network_usage.sh
but that didn't work...perhaps a result of executing from the crontab? 但那不起作用......也许是从crontab执行的结果?
Thanks, 谢谢,
-Eric -Eric
If you have root access on the machine the quick and dirty way: 如果您在计算机上具有root访问权限,则快速而肮脏的方式:
chmod +s $(which iftop)
This will make it run w/ root privileges no matter who invokes it. 这将使它无论谁调用它都运行w / root权限。 But I still think your sudo like should work. 但我仍然认为你的sudo 应该有用。
A more granular approach would be to use: 更细粒度的方法是使用:
# setcap cap_net_raw=eip $(which iftop)
This lets iftop capture packets but does not give the process full root privileges. 这允许iftop捕获数据包,但不会为进程提供完全root权限。 In case of a security problem or bug with "iftop" its side effects would be much more limited. 如果出现安全问题或“iftop”错误,其副作用将更加有限。
Related: https://unix.stackexchange.com/questions/189750/how-can-i-run-script-without-root-to-sniff-network-libpcap 相关: https : //unix.stackexchange.com/questions/189750/how-can-i-run-script-without-root-to-sniff-network-libpcap
You may use root's crontab to run the script. 您可以使用root的crontab来运行脚本。 If instead of crontab -e
you use sudo crontab -e
you will edit root's crontab. 如果不是crontab -e
使用sudo crontab -e
将编辑根的crontab。 Tasks specified in that file will run under root's account and privileges. 该文件中指定的任务将在root的帐户和权限下运行。
Alternatively, you can set the setuid access flag for your script file. 或者,您可以为脚本文件设置setuid访问标志。 To do so first change the owner of the file to root, then enable setuid like this: 为此,首先将文件的所有者更改为root,然后启用setuid,如下所示:
sudo chown root /home/user/network_usage.sh
sudo chmod +s-w /home/user/network_usage.sh
The setuid bit makes an executable file run with the effective UID of its owner. setuid位使用其所有者的有效UID运行可执行文件。
Regardless of what approach you take, be very careful . 无论你采取什么方法,都要非常小心 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.