User Tools
пакет_sudo
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
пакет_sudo [2017/12/11 14:32] val [Ubuntu] |
пакет_sudo [2025/07/08 09:32] (current) val [Debian/Ubuntu] |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| * [[http://ru.wikipedia.org/wiki/Sudo|Sudo - Википедия]] | * [[http://ru.wikipedia.org/wiki/Sudo|Sudo - Википедия]] | ||
| - | ===== FreeBSD ===== | + | ===== Debian/Ubuntu ===== |
| <code> | <code> | ||
| - | # pkg install sudo | ||
| - | |||
| # visudo | # visudo | ||
| </code><code> | </code><code> | ||
| ... | ... | ||
| - | %wheel ALL = (ALL) ALL | + | %sudo ALL=(ALL) ALL |
| - | userX ALL = NOPASSWD: /usr/bin/tar -cjf - etc/ | + | #%sudo ALL=(ALL) NOPASSWD: ALL |
| - | www ALL = NOPASSWD: /usr/local/sbin/asterisk -x * | + | student ALL=NOPASSWD:/usr/bin/rsync |
| - | </code> | + | |
| - | ===== Debian/Ubuntu ===== | + | www-data ALL=NOPASSWD: /usr/sbin/asterisk -x * |
| - | <code> | + | |
| - | # visudo | + | |
| - | </code><code> | + | |
| - | ... | + | |
| - | %sudo ALL=(ALL) ALL | + | |
| - | userX ALL = NOPASSWD: /bin/tar -cjf - etc/ | + | asterisk ALL=NOPASSWD: /sbin/init 6 |
| - | www-data ALL = NOPASSWD: /usr/sbin/asterisk -x * | + | logstash ALL=NOPASSWD: /root/cisco-backup-config-logstash.sh |
| + | Debian-snmp ALL=NOPASSWD: /root/cisco-backup-config.sh | ||
| + | mrtg ALL=NOPASSWD: /etc/mrtg-dhcp-stat.sh | ||
| + | |||
| + | gitlab-runner ALL=NOPASSWD: /usr/bin/make install | ||
| + | jenkins ALL=NOPASSWD: /usr/bin/make install | ||
| + | </code><code> | ||
| + | # visudo -f /etc/sudoers.d/zabbix | ||
| + | </code><code> | ||
| + | zabbix ALL = (ALL) NOPASSWD: /usr/sbin/asterisk -x * | ||
| + | zabbix ALL = (ALL) NOPASSWD: /usr/local/bin/asterisk* | ||
| + | </code><code> | ||
| + | # cat /etc/sudoers.d/openvpn1_client | ||
| + | </code><code> | ||
| + | ALL ALL=(ALL) NOPASSWD: /usr/sbin/openvpn * | ||
| </code> | </code> | ||
| + | |||
| + | * Самый простой пример CI/CD [[Самый простой пример CI/CD#Шаг 5. GitLab Runner]] | ||
| ===== Варианты использования ===== | ===== Варианты использования ===== | ||
| - | Не надо использовать | + | Использовать ответственно |
| <code> | <code> | ||
| Line 38: | Line 46: | ||
| Запуск программ от имени пользователя, даже, не имеющего shell и заблокированного | Запуск программ от имени пользователя, даже, не имеющего shell и заблокированного | ||
| <code> | <code> | ||
| - | # sudo -u games '/usr/local/bin/ex1.sh' | + | # sudo -u asterisk bash |
| + | |||
| + | $ cd | ||
| + | </code> | ||
| + | Запуск "сложных" команд (с конвейерами) с повышенными привилегиями | ||
| + | <code> | ||
| + | $ sudo sh -c 'tail -n1 /etc/shadow | cat > /ttt' | ||
| </code> | </code> | ||
пакет_sudo.1512991951.txt.gz · Last modified: 2017/12/11 14:32 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
