如何使可执行文件需要 root 密码？

Question

不用修改当前的 shell 脚本，你可以创建一个包装器以更多权限来调用它。

保存下面的脚本，使其可执行（例如chmod +x mysudowrapper.sh），然后像这样使用它：

./mysudowrapper.sh /path/to/originalscript.sh

然后originalscript.sh通过以下方式使其成为唯一可运行的root：

chown root:root /path/to/originalscript.sh
chmod go-x /path/to/originalscript.sh

测试一下：

/path/to/originalscript.sh
bash: /path/to/originalscript.sh: Permission denied

通过上述包装器脚本应该可以工作。从这里开始，您应该已经全部设置好了。

#!/bin/bash
# Wrapper to run commands with sudo. Uses gksudo in a GUI environment, falls back on 
# plain sudo in non-GUI environment.
# Info: http://askubuntu.com/a/244690/88802
# Author(s): Gert van Dijk
# Disclaimer: No warranties whatsoever. I'm not responsible for any damage here.
# Purpose of this script is to *demonstrate* a wrapper to run other commands.

GKSUDO=/usr/bin/gksudo
SUDO=/usr/bin/sudo
gui_sudo () { # Run command with a GUI-capable sudo-wrapper
    $GKSUDO -- $SUDO "$@"
}

plain_sudo () { # Run command with the plain sudo wrapper
    $SUDO "$@"
}

has_gui () { # Checks for whether GUI is available via the $DISPLAY environment
    if [ "$DISPLAY" != "" ]; then return 0; else return 1; fi
}

has_args () { # Checks for valid amount of arguments
    if [ "$1" != "" ]; then return 0; else return 1; fi
}

print_usage () { # Prints usage
    echo "Usage: $0 <command> [args]"
}

if has_args $@; then
    if has_gui; then gui_sudo $@; else plain_sudo $@; fi
else
    print_usage; exit 1
fi

Answer 1

不用修改当前的 shell 脚本，你可以创建一个包装器以更多权限来调用它。

保存下面的脚本，使其可执行（例如chmod +x mysudowrapper.sh），然后像这样使用它：

./mysudowrapper.sh /path/to/originalscript.sh

然后originalscript.sh通过以下方式使其成为唯一可运行的root：

chown root:root /path/to/originalscript.sh
chmod go-x /path/to/originalscript.sh

测试一下：

/path/to/originalscript.sh
bash: /path/to/originalscript.sh: Permission denied

通过上述包装器脚本应该可以工作。从这里开始，您应该已经全部设置好了。

#!/bin/bash
# Wrapper to run commands with sudo. Uses gksudo in a GUI environment, falls back on 
# plain sudo in non-GUI environment.
# Info: http://askubuntu.com/a/244690/88802
# Author(s): Gert van Dijk
# Disclaimer: No warranties whatsoever. I'm not responsible for any damage here.
# Purpose of this script is to *demonstrate* a wrapper to run other commands.

GKSUDO=/usr/bin/gksudo
SUDO=/usr/bin/sudo
gui_sudo () { # Run command with a GUI-capable sudo-wrapper
    $GKSUDO -- $SUDO "$@"
}

plain_sudo () { # Run command with the plain sudo wrapper
    $SUDO "$@"
}

has_gui () { # Checks for whether GUI is available via the $DISPLAY environment
    if [ "$DISPLAY" != "" ]; then return 0; else return 1; fi
}

has_args () { # Checks for valid amount of arguments
    if [ "$1" != "" ]; then return 0; else return 1; fi
}

print_usage () { # Prints usage
    echo "Usage: $0 <command> [args]"
}

if has_args $@; then
    if has_gui; then gui_sudo $@; else plain_sudo $@; fi
else
    print_usage; exit 1
fi

如何使可执行文件需要 root 密码？

答案1

相关内容