shell脚本 - 须藤的权限失去了时间 [英] Shell script - Sudo-permissions lost over time
问题描述
我做了需要保持它的整个脚本超级用户权限的简单bash脚本。当睡眠发生不幸,但可以理解的剧本失去其须藤 -eleveted权限。对我来说并不好:
I've made a simple bash script that need to keep it's super-user privileges throughout the script. Unfortunately, but understandable the script looses its sudo-eleveted permissions when the sleep occurs. Not good for me:
sudo echo "I am sudo!" # Asks for passwords
sleep(60)
sudo echo "I am sudo!" # Need to enter password again.
我想过更换睡眠用while循环,保持须藤活着,但我pretty确保有可用以使更好的选择须藤 -permissions保持整个脚本?
I thought about replacing the sleep with a while-loop that keeps the sudo alive, but I am pretty sure that there's better options available to make the sudo-permissions stay throughout the script?
感谢
推荐答案
须藤的灵活性是广泛的估计下。这会导致非常差的做法(如 sudo的苏 - 佳能球术法)。
The flexibility of sudo is widely under-estimated. This leads to very poor practices (like the sudo su - canon-ball surgery method).
一个更好的方法是特异性地允许你打算让这些命令的无需使用密码的
A much better method is to specificly allow the commands you intend to allow without use of a password:
phill = NOPASSWD: /bin/ls, /usr/bin/lprm
您可以选择从特定的主机上运行的具体管理用户的特定用户做到这一点。你甚至可以prevent从通过shell转义作为参数的用户。您可以须藤prevent已启动程序以动态执行进一步的应用等等,等等,你会想阅读man-页sudoers文件(并且一定要阅读程序编辑这个特殊的文件!)。
下面是一个事物的细细品味,(从这里):
Here is a small taste of things, (from here):
User_Alias OPERATORS = joe, mike, jude
Runas_Alias OP = root, operator
Host_Alias OFNET = 10.1.2.0/255.255.255.0
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
OPERATORS ALL=ALL
#The users in the OPERATORS group can run any command from any terminal.
linus ALL=(OP) ALL
# The user linus can run any command from any terminal as any user in the OP group (root or operator).
user2 OFNET=(ALL) ALL
# user user2 may run any command from any machine in the OFNET network, as any user.
user3 ALL= PRINTING
# user user3 may run lpc and lprm from any machine.
go2linux ALL=(ALL) ALL
# user go2linux may run any command from any machine acting as any user. (like Ubuntu)
If you want not to be asked for a password use this form
go2linux ALL=(ALL) ALL NO PASSWD: ALL
这篇关于shell脚本 - 须藤的权限失去了时间的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
