在授权以提升的权限运行命令之前,我想检查可以sudo理解的命令 - 是因为我正在运行调用的脚本sudo,还是因为我在命令中使用变量/转义/子shell。
当它询问我的用户密码时,有没有办法要求sudo打印它将要运行的命令?
像这样的东西:
$ sudo some command with parameters
sudo: about to run ``some command with parameters``
Password:
答案1
sudo -l <somecommand> <someparameters>
如果指定了某个命令并且安全策略允许该命令,则该命令的完全限定路径将与任何命令行参数一起显示。
这是摘录自man sudo
-l, --list If no command is specified, list the allowed (and forbidden) commands for the invoking user (or the user speci‐
fied by the -U option) on the current host. A longer list format is used if this option is specified multiple
times and the security policy supports a verbose output format.
If a command is specified and is permitted by the security policy, the fully-qualified path to the command is
displayed along with any command line arguments. If command is specified but not allowed, sudo will exit with
a status value of 1.
答案2
在 sudo 调用之前添加“set -x”。
[steve@centos8 ~]$ cat x1
#!/bin/bash
echo foo
set -x
sudo id
set +x
echo bar
[steve@centos8 ~]$ ./x1
foo
+ sudo id
[sudo] password for steve:
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
+ set +x
bar
[steve@centos8 ~]$
答案3
sudo 不提供此功能,您可以做的是定义一个函数:
echo_run(){
echo "About to run [$@]"
"$@"
}
# Then you can do : echo_run sudo vim test.sh