测试用户是否可以在 Bash 中执行 sudo 的最佳方法是什么?
[英]What's the best way to test if a user can sudo in Bash?
问题描述
Reading the sudo man page, I see that the -v flag can be used to check if the user has sudo privileges in his workstation.
阅读 sudo 手册页,我看到 -v 标志可用于检查用户是否在其工作站中具有 sudo 权限。 I have a piece of script that needs to test it.我有一段脚本需要测试它。 If the user has not sudo privileges, it prints on screen:如果用户没有 sudo 权限,它会在屏幕上打印:
Sorry, user tester may not run sudo on debian.
How can I suppress this message and just execute the rest of the code?我怎样才能抑制这条消息并只执行代码的 rest?
3 个解决方案
解决方案1
4 已采纳 2017-02-13 01:21:32
Try to append >/dev/null in your command. 尝试在命令中附加>/dev/null 。 In case the message is printed in stderr then use 2>/dev/null or as advised in comments use &>/dev/null to redirect both stdout and stderr to null. 如果在stderr中打印消息,则使用2>/dev/null或在注释中使用&>/dev/null将stdout和stderr重定向到null。
解决方案2
0 2023-01-25 00:08:55
Depends on what you mean by "can user sudo"取决于你所说的“用户可以 sudo”是什么意思
Short answer:简短回答:
If can_auto_sudo=$(sudo -l -n sudo &>/dev/null; echo $?) is 0, you can sudo as much as you want.如果can_auto_sudo=$(sudo -l -n sudo &>/dev/null; echo $?)是0,你想sudo多少就sudo多少。
Long Answer长答案
- Do you need to test before or can you just handle error cases?您需要先测试还是只处理错误情况?
- How much do you need to know, the sudoers real username is a valid piece of data to want, for example.您需要知道多少,例如,sudoers 的真实用户名是需要的有效数据。
- This question is often asking several different but related questions.这个问题经常问几个不同但相关的问题。 So I will ask those more precisely and then answer for each.所以我会更准确地询问这些问题,然后一一回答。
1. Is this script being run using sudo? 1. 这个脚本是使用 sudo 运行的吗?
[ $EUID -eq 0 ] || exit 1 [ $EUID -eq 0 ] || exit 1 # Exit if not effectively root [ $EUID -eq 0 ] || exit 1 # 如果不是有效root则退出
2. Can this user run a specific command as root using sudo? 2. 这个用户可以使用 sudo 以 root 身份运行特定命令吗?
sudo -l /usr/bin/program &>/dev/null || exit 2 sudo -l /usr/bin/program &>/dev/null || exit 2 # Exit if it can't run this as sudo sudo -l /usr/bin/program &>/dev/null || exit 2 # 如果它不能像 sudo 一样运行就退出
3. Can this user run sudo without interacting? 3. 这个用户可以在没有交互的情况下运行 sudo 吗?
sudo -l -n /usr/bin/program &>/dev/null || exit 3 sudo -l -n /usr/bin/program &>/dev/null || exit 3 # Exit if requires interaction sudo -l -n /usr/bin/program &>/dev/null || exit 3 # 如果需要交互则退出
4. Can I check all that ahead of time? 4.我可以提前检查所有这些吗?
`sudo -ll -U $USER # tells you which commands can be runs with sudo by user (have to parse yourself) `sudo -ll -U $USER # 告诉你用户可以使用 sudo 运行哪些命令(必须自己解析)
5. Script being run with sudo or actually root? 5. 脚本是用 sudo 运行还是用 root 运行?
[[ "$(printenv SUDO_USER)" = "" ]] || echo "$SUDO_USER is sudoing!" && exit 5
解决方案3
0 2023-01-25 00:39:38
Using sudo -l or --list As per the man page, sudo can be used with -l or --list to get the list of allowed and forbidden commands for any particular user.使用 sudo -l 或 --list 根据手册页,sudo 可以与 -l 或 --list 一起使用以获取任何特定用户允许和禁止命令的列表。
The syntax would be: sudo -l [-AknS] [-a type] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]语法为:sudo -l [-AknS] [-a type] [-g group] [-h host] [-p prompt] [-U user] [-u user] [command]
If we use sudo --list without any arguments, then it will print the list of allowed and forbidden commands for the user who is executing the sudo command如果我们使用 sudo --list 而没有任何 arguments,那么它将为执行 sudo 命令的用户打印允许和禁止命令的列表
sudo --list sudo --list
User root may run the following commands on client: (ALL) ALL
用户 root 可以在客户端运行以下命令: (ALL) ALL
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.