使用 sudo 作为另一个用户运行时的 Perl 系统调用 [英] Perl system calls when running as another user using sudo

问题描述

我开发了一个 perl 脚本，它提供了一个菜单驱动的功能，允许用户执行一些简单的任务.

I have developed a perl script which provides a menu driven functionality to allow users to carry out some simple tasks.

我需要用户能够执行诸如复制文件(保持当前日期和权限)、以不同用户身份运行其他程序(例如 less 或 vi)等任务.该脚本大量使用了 system() 函数.我希望用户通过调用来启动菜单:

I need the users to be able to carry out tasks such as copying files (keeping the current date and permissions), running other programs (such as less or vi) as a different user. The script uses alot of use of the system() function. I want the users to start the menu by calling:

sudo -u perluser /usr/bin/perl /data/perlscripts/scripta.pl

这应该以 perl 用户身份启动脚本，然后根据用户的选择执行不同的任务.问题是每当我使用诸如

This should start the script as perl user, which it does, and then carry out different tasks depending on what the user selects. The problem is that whenever I use a system call such as

system("clear");

我收到以下错误

Can't exec "clear": Permission denied at /data/perlscripts/scripta.pl line 3

如果我以 perluser 身份登录运行脚本，那么它会成功运行.

If I run the script by logging in as perluser then it all runs succesfully.

有什么办法可以让它工作吗?我不希望用户能够以 perluser 身份登录，因为我需要控制他们能够运行的内容.我也不想运行像

Is there any way to get this working? I do not want users to be able to log in as perluser as I need to control what they are able to run. I also do not want to run a command like

system("sudo -u perluser clear");

因为我需要一个不同的团队来设置我想要运行的所有 sudo 命令(他们可能会拒绝这样做)，如果我必须在某个时候添加额外的命令，这将无法扩展.

as I would then require a different team to set up all the sudo commands I wanted to run (which they will probably refuse to do) and this would not be scalable if I have to add extra commands at somepoint.

谢谢，

推荐答案

我认为您可能需要将 -i 选项(模拟初始登录")添加到 sudo:

I think you probably need to add the -i option ("simulate initial login") to sudo:

sudo -i -u perluser /usr/bin/perl /data/perlscripts/scripta.pl

这将确保 .profile 或 .login 或诸如此类的东西正常运行，因此 $PATH 设置正确等等上.在几乎所有方面，它真的就像 perluser 实际登录并在 shell 上运行 /usr/bin/perl/data/perlscripts/scripta.pl.

That will ensure that .profile or .login or whatnot is run properly, and therefore that $PATH is set up properly and so on. It will really be, in almost all respects, as if perluser were actually logging in and running /usr/bin/perl /data/perlscripts/scripta.pl at the shell.

这篇关于使用 sudo 作为另一个用户运行时的 Perl 系统调用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！