Kwisixhobo
Ukuba i-sudoers iyasebenza, kodwa inqabile kakhulu ekusebenzeni, imithetho evumela ukwenziwa komyalelo othile phantsi kwe-UID yakhe nawuphi na umsebenzisi ongeyiyo ingcambu, umhlaseli onegunya lokuphumeza lo myalelo unokugqitha kumda omiselweyo kwaye enze umyalelo nge. amalungelo engcambu. Ukugqitha umda, zama nje ukwenza umyalelo ochazwe kwiisetingi nge-UID "-1" okanye "4294967295", eya kukhokelela ekuphunyezweni kwayo nge-UID 0.
Umzekelo, ukuba kukho umgaqo kwizicwangciso onika nawuphi na umsebenzisi ilungelo lokuphumeza inkqubo/usr/bin/id phantsi kwayo nayiphi na i-UID:
myhost BONKE = (ZONKE, !ingcambu) /usr/bin/id
okanye ukhetho oluvumela uphumezo kuphela kumsebenzisi othile bob:
myhost bob = (ZONKE, !ingcambu) /usr/bin/id
Umsebenzisi unokuphumeza i "sudo -u '#-1' id" kwaye /usr/bin/id into eluncedo iya kuqaliswa ngamalungelo engcambu, ngaphandle kokungavunyelwa okucacileyo kuseto. Ingxaki ibangelwa kukungahoywa kwamaxabiso akhethekileyo "-1" okanye "4294967295", angakhokeli kutshintsho kwi-UID, kodwa ekubeni i-sudo ngokwayo sele isebenza njengengcambu, ngaphandle kokutshintsha i-UID, umyalelo ekujoliswe kuwo ukwanguwo. iqaliswe ngamalungelo engcambu.
Kwi-SUSE kunye nonikezelo lwe-OpenSUSE, ngaphandle kokuchaza "NOPASSWD" kumgaqo, kukho ubuthathaka.
myhost ZONKE = (ZONKE, !ingcambu) NOPASSWD: /usr/bin/id
Umba ulungisiwe ekukhululweni
umthombo: opennet.ru