Esisetshenziswa
Uma ama-sudoers evumelekile, kodwa eyivelakancane ekusebenzeni, imithetho evumela ukwenziwa komyalo othile ngaphansi kwe-UID yanoma yimuphi umsebenzisi ngaphandle kwempande, umhlaseli onegunya lokwenza lo myalo angawudlula umkhawulo omisiwe futhi akhiphe umyalo ngo amalungelo ezimpande. Ukuze weqe umkhawulo, vele uzame ukwenza umyalo oshiwo kuzilungiselelo nge-UID β-1β noma β4294967295β, okuzoholela ekusebenzeni kwayo nge-UID 0.
Isibonelo, uma kunomthetho kuzilungiselelo onikeza noma yimuphi umsebenzisi ilungelo lokusebenzisa uhlelo/usr/bin/id ngaphansi kwanoma iyiphi i-UID:
myhost BONKE = (BONKE, !impande) /usr/bin/id
noma inketho evumela ukwenziwa komsebenzisi othize kuphela:
myhost bob = (BONKE, !impande) /usr/bin/id
Umsebenzisi angakwazi ukusebenzisa i-id ethi βsudo -u '#-1'β futhi insiza ethi /usr/bin/id izokwethulwa njengempande, naphezu kokuvinjelwa okusobala kuzilungiselelo. Inkinga ibangelwa ukunganaki amanani akhethekile "-1" noma "4294967295", angaholeli ekushintsheni kwe-UID, kodwa njengoba i-sudo ngokwayo isivele isebenza njengempande, ngaphandle kokushintsha i-UID, umyalo oqondisiwe nawo yethulwe ngamalungelo ezimpande.
Ekusabalazweni kwe-SUSE ne-openSUSE, ngaphandle kokucacisa okuthi βNOPASSWDβ emthethweni, kukhona ubungozi.
myhost BONKE = (BONKE, !impande) NOPASSWD: /usr/bin/id
Inkinga ilungisiwe ekukhululweni
Source: opennet.ru