I installed Zentyal 4.0 and looking its scripts how it is functioning.
I saw a perl function to run the shell commands in machine like below
//Ebox::Sudo:root
...
/usr/bin/sudo -p sudo: {commands to perform}
Can anyone explain what it is meant sudo
in the shell?
Thanks
The -p according to documentation is for (Use a custom password prompt with optional escape sequences) zentyal used the /usr/bin/sudo -p sudo: just for purpose of testing
Readonly::Scalar our $SUDO_PATH => '/usr/bin/sudo -p sudo:'; # our declaration eases testing
Because if you change to
/usr/bin/sudo -p anything:
The functionality of sudo zentyal is normal.
In you comments you wanted know why zentyal can run any shell system command without prompting the password, is because when you installed zentyal you have to set a user to sudo group or admin (this is similar to sudo group)
Members of the admin group may gain root privileges %admin ALL=(ALL) ALL
The last ALL allowed to run any command
Case related: https://forum.zentyal.org/index.php/topic,34663.0.html
This answer gives you an answer to both the sudo
and -p sudo:
in your command.
sudo
itself is a privilege command allowing users to execute commands, if allowed in the sudoers
file, which generally is not allowed by normal users.
The sudoers file can determine exactly which commands a user is allowed to run. Typically these commands can be run by either setting up the sudoers file by either prompting for the user password each time a command is being run, or by adding the NOPASSWD option which allows a user to run sudo commands without having to retype their password.
Example: a normal user cannot run dmidecode as you will get a access denied.
[user@host ~]$ dmidecode
# dmidecode 3.0
Scanning /dev/mem for entry point.
/dev/mem: Permission denied
but if allowed in the sudoers file, you can allow the user to run the command as a super user.
[user@host ~]$ sudo dmidecode
Here is an example of a sudoers file entry allowing user to only run some dmidecode
and sar
using sudo, without prompting for password.
user123 ALL=(ALL) NOPASSWD: /usr/sbin/dmidecode, /usr/bin/sar
for the -p sudo:
part.
The -p
(prompt) option allows you to override the default password prompt and use a custom one. The following percent ('%') escapes are supported by the sudoers.
In other words in this case it will replace the default prompt for sudo password with the sudo:
text.
So as an example, running a command like df -h
[user@phost ~]$ sudo df -h
[sudo] password for host:
but when running with -p
[user@phost ~]$ sudo -p sudo: df -h
sudo:
TIP! whenever you need to edit a sudoers file, you need to ensure you never do vi sudoers
as it will change file ownership. Always edit a sudoers file by running the visudo
command as root
.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.