-U user, --other-user=user
Used in conjunction with the -l option to list the privileges for user instead of
for the invoking user. The security policy may restrict listing other users'
privileges. When using the sudoers policy, the -U option is restricted to the root
user and users with either the “list” priviege for the specified user or the ability
to run any command as root or user on the current host.
和:
-l, --list
If no command is specified, list the privileges for the invoking user (or the user
specified by the -U option) on the current host. A longer list format is used if
this option is specified multiple times and the security policy supports a verbose
output format.
If a command is specified and is permitted by the security policy for the invoking
user (or the, user specified by the -U option) on the current host, the fully-
qualified path to the command is displayed along with any args. If -l is specified
more than once (and the security policy supports it), the matching rule is displayed
in a verbose format along with the command. If a command is specified but not
allowed by the policy, sudo will exit with a status value of 1.
% sudo -l
Matching Defaults entries for muru on pi:
secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/bin, env_reset, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin, env_keep+=PATH
Runas and Command-specific defaults for muru:
Defaults!/usr/bin/visudo env_keep+="SUDO_EDITOR EDITOR VISUAL"
User muru may run the following commands on pi:
(ALL : ALL) NOPASSWD: ALL
% sudo -lU nobody
User nobody is not allowed to run sudo on pi.
% sudo -l id
/usr/sbin/id
% sudo -lU nobody id
% echo $?
1
% sudo -u nobody id
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
来自手册页
sudo:和:
因此,
-U专门用于-l。sudo -l检查用户可以使用 做什么sudo,并sudo -lU <some-user>检查<some-user>使用 可以做什么sudo。-U与其他任何方式一起使用都会导致错误。另一方面,
-u <some-user>用于以 身份运行命令<some-user>。例子: