sudo服务有什么作用?

Modified on: Sat, 09 Jun 2018 07:51:53 +0800

据我所知,似乎其他人拥有相同意见 sudo是一个执行具有管理权限的命令。

但是,当我运行rcconf时,我可以看到这一行:

[*] sudo    Provide limited super user privileges to specific users

那么这项服务有什么意义呢?或者这甚至是一项服务?

作者:Community,s3v3n

最佳答案

简短回答

在重新启动时撤消用户的“缓存”身份验证操作。它不是一个守护进程,只是一个在启动时运行的脚本。


广泛的答案

通过检查'启动服务'的init文件/etc/init.d/sudo,您可以轻松地看到它正在做什么:

case "$1" in
  start)
        # make sure privileges don't persist across reboots
        if [ -d /var/lib/sudo ]
        then
                find /var/lib/sudo -exec touch -t 198501010000 '{}' \;
        fi
        ;;
  stop|reload|restart|force-reload)
        ;;
  *)
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

所以,基本上,它只是触及系统启动时/var/lib/sudo中的一些文件,使其具有非常旧的修改时间戳。因此,“缓存”授予的身份验证操作将在服务启动时撤消(在启动时会发生)。

有关/var/lib/sudo目录和那些时间戳的更多细节,好吗?那么,从sudo(8)的映射中:

[...] Once a user has been authenticated, a time stamp is updated and the user may then use sudo without a password for a short period of time (15 minutes unless overridden in sudoers). [...] Since time stamp files live in the file system, they can outlive a user's login session. As a result, a user may be able to login, run a command with sudo after authenticating, logout, login again, and run sudo without authenticating so long as the time stamp file's modification time is within 15 minutes (or whatever the timeout is set to in sudoers). [...] /var/lib/sudo Directory containing time stamps

作者:,gertvdijk

相关问答

添加新评论