Suppose I have a script a.sh with the following content:
#!/bin/sh
sudo ls <some_unprivileged_path>
If I run a sudo command and then run a.sh right after it, "sudo" does not ask for my password again, because of "timestamp_timeout".
I am trying to prevent this. So far I have tried a few configurations, and I managed to prevent it by changing timestamp_type to ppid.
The relevant section of "man sudoers":
ppid  A single time stamp record is used for all processes with the same parent process ID (usually the shell). Commands run from the same shell (or other common parent process) will not require a password for timestamp_timeout minutes (5 by default). Commands run via sudo with a different parent process ID, for example from a shell script, will be authenticated separately.

tty   One time stamp record is used for each terminal, which means that a user's login sessions are authenticated separately. If no terminal is present, the behavior is the same as ppid. Commands run from the same terminal will not require a password for timestamp_timeout minutes (5 by default).
Since the shell forks to execute commands, this seems more secure than the default. But I am not sure: are there any security issues with using ppid instead of the default value?
(I know there are many more secure tools or habits, but I am trying to understand more about "sudo" and some Unix concepts.)
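As an added example (not part of the question above), the following sudoers drop-in puts the default timestamp_type from sudoers(5), tty, beside the ppid setting the question switched to, and beside timestamp_timeout=0, which is the setting that removes credential caching altogether. The file name /etc/sudoers.d/10-timestamp is an assumption for illustration; the option names and values are those documented in sudoers(5).

```sudoers
# /etc/sudoers.d/10-timestamp  (assumed file name; added example, not from the question)
# Edit with: visudo -f /etc/sudoers.d/10-timestamp   (visudo checks the syntax before saving)

# Default per sudoers(5): one cached credential per terminal, valid for 5 minutes.
# With this setting a successful "sudo" typed at the prompt also covers the
# "sudo ls" inside ./a.sh run from the same terminal, since both share the tty.
#Defaults timestamp_type=tty
#Defaults timestamp_timeout=5

# What the question switched to: the record is keyed on the parent process ID.
# ./a.sh runs in a forked shell, so the sudo inside it has a different parent
# PID than a sudo typed at the prompt and is authenticated separately.
# Commands typed at the same interactive shell still share one record for
# timestamp_timeout minutes, exactly as the man page text says.
Defaults timestamp_type=ppid

# If the goal is "always ask for the password", timestamp_timeout=0 guarantees
# it regardless of timestamp_type. A value below 0 does the opposite: the
# record never expires.
#Defaults timestamp_timeout=0
```

To confirm the behaviour after changing the file, run "sudo -k" to discard the current record, authenticate once with "sudo -v", and then run "sudo -n true" both at the prompt and from inside a script such as a.sh: with -n sudo never prompts, so a non-zero exit status means a password would have been required at that point.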