perl/eBox/Zentyal 中的 Sudo 命令
[英]Sudo command in perl/eBox/Zentyal
问题描述
I installed Zentyal 4.0 and looking its scripts how it is functioning.
我安装了 Zentyal 4.0 并查看它的脚本如何运行。
I saw a perl function to run the shell commands in machine like below我看到了一个 perl 函数来在机器中运行 shell 命令,如下所示
//Ebox::Sudo:root
... ...
/usr/bin/sudo -p sudo: {commands to perform}
Can anyone explain what it is meant sudo in the shell?谁能解释一下 shell 中的sudo是什么意思?
Thanks谢谢
2 个解决方案
解决方案1
1 2019-11-11 17:03:02
The -p according to documentation is for (Use a custom password prompt with optional escape sequences) zentyal used the /usr/bin/sudo -p sudo: just for purpose of testing根据文档的 -p 用于(使用带有可选转义序列的自定义密码提示)zentyal 使用 /usr/bin/sudo -p sudo: 仅用于测试目的
Readonly::Scalar our $SUDO_PATH => '/usr/bin/sudo -p sudo:'; # our declaration eases testing
Because if you change to因为如果你改成
/usr/bin/sudo -p anything:
The functionality of sudo zentyal is normal. sudo zentyal 的功能是正常的。
In you comments you wanted know why zentyal can run any shell system command without prompting the password, is because when you installed zentyal you have to set a user to sudo group or admin (this is similar to sudo group)在您的评论中,您想知道为什么 zentyal 可以在不提示密码的情况下运行任何 shell 系统命令,因为当您安装 zentyal 时,您必须将用户设置为 sudo 组或管理员(这类似于 sudo 组)
Members of the admin group may gain root privileges %admin ALL=(ALL) ALL admin 组的成员可以获得 root 权限 %admin ALL=(ALL) ALL
The last ALL allowed to run any command最后一个 ALL 允许运行任何命令
Case related: https://forum.zentyal.org/index.php/topic,34663.0.html案例相关: https : //forum.zentyal.org/index.php/topic,34663.0.html
解决方案2
0 2017-11-09 09:25:06
This answer gives you an answer to both the sudo and -p sudo: in your command.此答案为您提供了sudo和-p sudo:的答案。
sudo itself is a privilege command allowing users to execute commands, if allowed in the sudoers file, which generally is not allowed by normal users. sudo本身是一个权限命令,允许用户执行命令,如果在sudoers文件中允许,一般普通用户是不允许的。
The sudoers file can determine exactly which commands a user is allowed to run. sudoers 文件可以准确确定允许用户运行哪些命令。 Typically these commands can be run by either setting up the sudoers file by either prompting for the user password each time a command is being run, or by adding the NOPASSWD option which allows a user to run sudo commands without having to retype their password.通常,这些命令可以通过在每次运行命令时提示输入用户密码来设置 sudoers 文件来运行,或者通过添加允许用户运行 sudo 命令而无需重新输入密码的 NOPASSWD 选项来运行。
Example: a normal user cannot run dmidecode as you will get a access denied.示例:普通用户无法运行 dmidecode,因为您将获得访问拒绝。
[user@host ~]$ dmidecode
# dmidecode 3.0
Scanning /dev/mem for entry point.
/dev/mem: Permission denied
but if allowed in the sudoers file, you can allow the user to run the command as a super user.但是如果在 sudoers 文件中允许,您可以允许用户以超级用户身份运行命令。
[user@host ~]$ sudo dmidecode
Here is an example of a sudoers file entry allowing user to only run some dmidecode and sar using sudo, without prompting for password.这是一个 sudoers 文件条目的示例,它允许用户只使用 sudo 运行一些dmidecode和sar ,而不提示输入密码。
user123 ALL=(ALL) NOPASSWD: /usr/sbin/dmidecode, /usr/bin/sar
for the -p sudo: part.对于-p sudo:部分。
The -p (prompt) option allows you to override the default password prompt and use a custom one. -p (提示)选项允许您覆盖默认密码提示并使用自定义提示。 The following percent ('%') escapes are supported by the sudoers. sudoers 支持以下百分比 ('%') 转义。
In other words in this case it will replace the default prompt for sudo password with the sudo: text.换句话说,在这种情况下,它将用sudo:文本替换 sudo 密码的默认提示。
So as an example, running a command like df -h举个例子,运行一个像df -h这样的命令
[user@phost ~]$ sudo df -h
[sudo] password for host:
but when running with -p但是当使用-p运行时
[user@phost ~]$ sudo -p sudo: df -h
sudo:
TIP!提示! whenever you need to edit a sudoers file, you need to ensure you never do vi sudoers as it will change file ownership.每当您需要编辑 sudoers 文件时,您需要确保永远不要执行vi sudoers因为它会更改文件所有权。 Always edit a sudoers file by running the visudo command as root .始终通过以root身份运行visudo命令来编辑 sudoers 文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.