如何从使用sudo运行的程序访问用户的ssh密钥?
[英]How to access user's ssh keys from the program that is run with sudo?
问题描述
The dilemma: a Linux program that I'm working on should: 
困境:我正在开发的Linux程序应该:
- Fetch a "package" over git+ssh:// protocol (using Git). 通过git + ssh://协议(使用Git)获取“包”。
- Install that "package" in the system. 在系统中安装该“软件包”。
For git+ssh to work, Git needs to see my keys. 为了使git + ssh正常工作,Git需要查看我的密钥。
For the "package" installation, the program must have superuser privileges. 对于“软件包”安装,该程序必须具有超级用户特权。
A limitation: the program should not elevate privileges (call sudo) by itself. 限制:程序不应自行提升特权(称为sudo)。 User must explicitly invoke it with sudo. 用户必须使用sudo显式调用它。 (Lets ignore the case when user runs the program while begin logged in as root — assuming he will setup keys correctly then.) (让我们忽略用户开始以root用户身份登录时运行程序的情况-假设他那时将正确设置密钥。)
So, the question is: how to do ssh access with user keys from the program that is invoked with sudo? 因此,问题是:如何使用sudo调用的程序中的用户密钥进行ssh访问?
1 个解决方案
解决方案1
3 已采纳 2011-01-04 09:27:11
use the -i identity_file ssh parameters. 使用-i identity_file ssh参数。 To tell git to use the proper command you should set the GIT_SSH variable to a file that will call ssh -i "$@". 要告诉git使用正确的命令,您应该将GIT_SSH变量设置为一个将调用ssh -i“ $ @”的文件。
If you can't do that then you should drop privileges while you do the git pull command. 如果您无法执行此操作,则在执行git pull命令时应放弃特权。
sudo -u <original_user> git fetch git+ssh://
You can use the ${SUDO_USER} enviroment variable to find out who the original user was. 您可以使用$ {SUDO_USER}环境变量来查找原始用户。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.