在/etc/sudoer中确定用户权限的最快方法 [英] Fastest Way to Determine User Permissions in /etc/sudoer
问题描述
用户将通过SSH远程访问基于*** nix的计算机,我需要确定最快的方式来检查他们当前使用的用户名是否在/etc/sudoers中具有NOPASSWD访问权限文件.
Users will be remotely accessing ***nix based machines via SSH and I need to determine the fastest way to check if the username that they are currently using has NOPASSWD access in the /etc/sudoers file.
可能的选项:
- 在/etc/sudoers中输入用户名的grep,分析命令提示符输出以确定它是否具有NOPASSWD,如果没有,请删除该行,然后附加新的权限
- 不管(不好的主意),只要在文件中添加一个权限字符串即可.
- 尝试将sudo转换为受保护的文件,然后查看是否提示我输入密码.
我希望有一些简单的方法,但是我的google-fu并没有给出任何答案.
I'm hoping for something easier, but my google-fu hasn't come up with any answers.
推荐答案
如果sudo -v
成功,则表明用户已被授权使用sudo
;如果失败,则表明该用户未被授权使用sudo
.
If sudo -v
succeeds, the user has been authorized to use sudo
; if it fails, then the user has not been authorized to use sudo
.
# su user -c 'setsid sudo -v </dev/null'; echo $?
[sudo] password for user:
1
# su root -c 'setsid sudo -v </dev/null'; echo $?
0
如果没有 setsid ,sudo
甚至会尝试以交互方式要求输入密码如果stdin/stdout/stderr已全部重定向.如果没有控制终端,则不需要此操作,但是您可能需要除su
以外的其他内容来更改用户权限,例如 setreuid
Without setsid, sudo
will try to ask for the password interactively even if stdin/stdout/stderr have all been redirected. If you don't have a controlling terminal, this isn't needed, but you will probably need something other than su
to change user permissions, like fork+setreuid.
这篇关于在/etc/sudoer中确定用户权限的最快方法的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!