Início / ubuntu / Perguntas / 1531121
Accepted
Mario Palumbo
Asked: 2024-10-25 17:45:53 +0800 CST

Qual é a diferença entre "sudo -u" e "sudo -U"?

  • 772

man sudonão me deixa entender as diferenças.

sudo

1 respostas

  1. Best Answer

    Da página sudode manual :

    -U user, --other-user=user
     Used in conjunction with the -l option to list the privileges for user instead of
     for the invoking user.  The security policy may restrict listing other users'
     privileges.  When using the sudoers policy, the -U option is restricted to the root
     user and users with either the “list” priviege for the specified user or the ability
     to run any command as root or user on the current host.

    E:

    -l, --list
     If no command is specified, list the privileges for the invoking user (or the user
     specified by the -U option) on the current host.  A longer list format is used if
     this option is specified multiple times and the security policy supports a verbose
     output format.

     If a command is specified and is permitted by the security policy for the invoking
     user (or the, user specified by the -U option) on the current host, the fully-
     qualified path to the command is displayed along with any args. If -l is specified
     more than once (and the security policy supports it), the matching rule is displayed
     in a verbose format along with the command.  If a command is specified but not
     allowed by the policy, sudo will exit with a status value of 1.

    Então -Ué exclusivamente para uso com -l. sudo -lverifica o que seu usuário pode fazer usando sudo, e sudo -lU <some-user>verifica o que <some-user>pode fazer usando sudo. Usar -Ucom qualquer outra coisa resultará em erro.

    Por outro lado, -u <some-user>é usado para executar comandos como <some-user>.

    Exemplo:

    % sudo -l
Matching Defaults entries for muru on pi:
    secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/bin, env_reset, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, env_keep+=PATH

Runas and Command-specific defaults for muru:
    Defaults!/usr/bin/visudo env_keep+="SUDO_EDITOR EDITOR VISUAL"

User muru may run the following commands on pi:
    (ALL : ALL) NOPASSWD: ALL

% sudo -lU nobody
User nobody is not allowed to run sudo on pi.

% sudo -l id
/usr/sbin/id

% sudo -lU nobody id
% echo $?
1

% sudo -u nobody id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
    • 3

relate perguntas