In utility
Haddii sudoers ay leeyihiin ansax, laakiin aad dhif u ah ficil ahaan, qawaaniin u oggolaanaya fulinta amar gaar ah oo hoos yimaada UID isticmaale kasta oo aan ahayn xidid, weeraryahan awood u leh inuu fuliyo amarkan wuxuu dhaafi karaa xaddidaadda la aasaasay wuxuuna fulin karaa amarka xuquuqda xididka. Si aad uga gudubto xaddidaadda, kaliya isku day inaad ku fuliso amarka ku qeexan goobaha UID β-1β ama β4294967295β, taasoo u horseedi doonta in lagu fuliyo UID 0.
Tusaale ahaan, haddii uu jiro sharci ku jira goobaha kaas oo siinaya isticmaale kasta xaqa uu u leeyahay in uu fuliyo barnaamijka /usr/bin/id ee hoos yimaada UID kasta:
myhost ALL = (ALL,! xidid) /usr/bin/id
ama ikhtiyaar u oggolaanaya fulinta kaliya bob isticmaale oo gaar ah:
myhost bob = (ALL,! xidid) /usr/bin/id
Isticmaaluhu wuxuu fulin karaa "sudo -u '#-1' id" iyo / usr / bin / id utility waxaa loo bilaabi doonaa xidid ahaan, in kasta oo mamnuucida cad ee goobaha. Dhibaatadu waxay tahay iyada oo la iska indho-tiray qiyamka gaarka ah "-1" ama "4294967295", taas oo aan u horseedin isbeddel ku yimaada UID, laakiin maadaama sudo lafteedu ay horeyba u socdaan sidii xidid, iyada oo aan la beddelin UID, amarka bartilmaameedka ayaa sidoo kale ah. bilaabay xuquuqda xididka.
Qaybinta SUSE iyo openSUSE, iyada oo aan lagu sheegin "NOPASSWD" qaanuunka dhexdiisa, waxaa jirta nuglaanta
myhost ALL = (ALL,! xidid) NOPASSWD: /usr/bin/id
Arrintu waxay go'an tahay siideynta
Source: opennet.ru