Vulnerability in sudo that allows privilege escalation when specific rules are used

A vulnerability (CVE-2019-14287) has been identified in sudo, the utility used to run commands on behalf of other users. It allows commands to be executed with root privileges if the sudoers configuration contains rules in which the Runas user list, after the "ALL" keyword, explicitly forbids running as root ("... (ALL, !root) ..."). The vulnerability does not appear in the default configurations shipped by distributions.

If sudoers contains rules that are valid but very rare in practice, allowing a specific command to be run under the UID of any user other than root, an attacker who is permitted to run that command can bypass the restriction and execute the command with root privileges. To bypass the restriction, it is enough to run the command defined in the configuration with UID "-1" or "4294967295", which results in it being executed with UID 0.

For example, if the configuration contains a rule that gives any user the right to run the program /usr/bin/id under any UID:

myhost ALL = (ALL, !root) /usr/bin/id

or a variant that permits execution only for the specific user bob:

myhost bob = (ALL, !root) /usr/bin/id

The user can run "sudo -u '#-1' id", and the /usr/bin/id utility will be started with root privileges despite the explicit denial in the configuration. The problem is caused by the special values "-1" and "4294967295" being ignored: they do not result in a UID change, but since sudo itself is already running as root, the target command, with the UID left unchanged, is also started with root privileges.

On SUSE and openSUSE distributions the vulnerability is not exploitable unless "NOPASSWD" is specified in the rule, because their sudoers enables the "Defaults targetpw" mode by default, which checks the UID against the password database and prompts for the password of the target user. On such systems the attack is only possible when rules of the following form exist:

myhost ALL = (ALL, !root) NOPASSWD: /usr/bin/id

The issue is fixed in the Sudo 1.8.28 release. The fix is also available as a patch. Among distributions, the vulnerability has already been fixed in Debian, Arch Linux, SUSE/openSUSE, Ubuntu, Gentoo and FreeBSD. At the time of writing, the problem remains unfixed in RHEL and Fedora. The vulnerability was identified by security researchers from Apple.
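The rule shapes discussed above (a Runas list of "ALL" with a "!root" exclusion, the NOPASSWD tag, the SUSE "Defaults targetpw" default, and the 1.8.28 fix) can be checked for on a host without running any command through sudo. The following Python script is an added example for this article, not code from the sudo project or from opennet.ru. It reads sudoers text and a "sudo -V" version string, reports rules of the exposed shape, and keeps only those that remain abusable given the sudo version and the targetpw setting. The sample sudoers content and the version line are constructed for the demonstration; the parser treats the first two tokens of a rule as the User_List and Host_List of the sudoers grammar and ignores include directives and aliases, which is a simplification.

```python
import re

# Constructed sample sudoers content for the demonstration; it is not taken
# from any real host. Rules 3 and 4 have the "(ALL, !root)" shape the article
# describes; the remaining rules are controls that must not be flagged.
SAMPLE_SUDOERS = """\
# constructed sample, not a real /etc/sudoers
Defaults env_reset
myhost ALL = (ALL, !root) /usr/bin/id
myhost bob = (ALL, !root) NOPASSWD: /usr/bin/id
alice ALL = (ALL) /usr/bin/systemctl
carol ALL = (www-data) /usr/bin/tail
dave ALL = (ALL:ALL) ALL
"""

# Release in which sudo rejects the special UIDs -1 / 4294967295 (from the article).
FIXED_VERSION = (1, 8, 28)

# User_List Host_List = (Runas_Users[:Runas_Groups]) [TAG:] commands
RULE_RE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*\(([^)]*)\)\s*(.*)$")


def parse_version(text):
    """Extract (major, minor, patch) from a string such as the first line of
    'sudo -V' ("Sudo version 1.8.27p1"); a trailing 'pN' suffix is ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no sudo version found in: %r" % text)
    return tuple(int(x) for x in m.groups())


def is_fixed(version_text):
    """True when the installed sudo is 1.8.28 or later."""
    return parse_version(version_text) >= FIXED_VERSION


def targetpw_enabled(sudoers_text):
    """True if a global 'Defaults targetpw' line is present (the SUSE/openSUSE default)."""
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if re.match(r"^Defaults\s", line) and re.search(r"\btargetpw\b", line) \
                and "!targetpw" not in line:
            return True
    return False


def exposed_rules(sudoers_text):
    """Return rules whose Runas user list grants ALL but excludes users with '!',
    i.e. the shape that CVE-2019-14287 bypasses on unpatched sudo."""
    findings = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        user, host, runas, cmds = m.groups()
        # Runas_Spec may be "users:groups"; only the user list matters here.
        runas_users = [u.strip() for u in runas.split(":", 1)[0].split(",")]
        excluded = [u[1:] for u in runas_users if u.startswith("!")]
        allowed = [u for u in runas_users if not u.startswith("!")]
        if "ALL" in allowed and excluded:
            findings.append({
                "line": lineno,
                "user": user,
                "host": host,
                "excluded": excluded,
                "nopasswd": bool(re.search(r"\bNOPASSWD\s*:", cmds)),
                "commands": cmds,
            })
    return findings


def exploitable(findings, version_text, sudoers_text):
    """Keep only findings an unprivileged caller could abuse: the sudo build is
    older than 1.8.28, and either targetpw is off or the rule carries NOPASSWD."""
    if is_fixed(version_text):
        return []
    if not targetpw_enabled(sudoers_text):
        return list(findings)
    return [f for f in findings if f["nopasswd"]]


if __name__ == "__main__":
    # Constructed 'sudo -V' first line; on a real host take it from the command output.
    version_line = "Sudo version 1.8.27p1"
    found = exposed_rules(SAMPLE_SUDOERS)
    for f in exploitable(found, version_line, SAMPLE_SUDOERS):
        print("line %d: %s %s = (ALL, !%s) %s" % (
            f["line"], f["user"], f["host"], ",!".join(f["excluded"]), f["commands"]))
```

Where a rule is reported, the lasting remediation is to upgrade sudo to 1.8.28 or later; until then the rule can be rewritten to list the permitted Runas users explicitly instead of using ALL with exclusions, so that no special UID can fall through the check.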

Source: opennet.ru
