
Suppose I have a script a.sh with the following content:
#!/bin/sh
sudo ls <some_unprivileged_path>
If I run a sudo command and then run a.sh right after that sudo, it does not ask for my password, because of 'timestamp_timeout'.
I am trying to prevent this; so far I have tried some configurations and was able to prevent it by changing timestamp_type to ppid.
The relevant part of 'man sudoers':
ppid  A single time stamp record is used for all processes with the same parent process ID (usually the shell). Commands run from the same shell (or other common parent process) will not require a password for timestamp_timeout minutes (5 by default). Commands run via sudo with a different parent process ID, for example from a shell script, will be authenticated separately.

tty   One time stamp record is used for each terminal, which means that a user's login sessions are authenticated separately. If no terminal is present, the behavior is the same as ppid. Commands run from the same terminal will not require a password for timestamp_timeout minutes (5 by default).
Since the shell forks to run commands, this seems safer than the default. But I am not sure: are there any security issues with using ppid instead of the default?
(I know there are many safer tools or habits, but I am trying to understand more about 'sudo' and some unix concepts.)
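As an added example, not part of the question above: the sudoers fragment that applies the change the question describes, with the shipped default left beside it as a comment for comparison. The file name /etc/sudoers.d/timestamp is an assumption; any file that visudo accepts under sudoers.d works the same way.

```sudoers
# /etc/sudoers.d/timestamp  (assumed file name; edit with visudo -f /etc/sudoers.d/timestamp)

# Shipped default: one credential cache per terminal.  A script started from
# the same terminal inherits the cache, so a.sh's "sudo ls" does not prompt
# within timestamp_timeout minutes of any earlier sudo on that tty.
#Defaults timestamp_type=tty

# Cache keyed by parent process ID instead.  "sh a.sh" is a child of the
# interactive shell, and the "sudo ls" inside it has the script's sh as its
# parent, not the interactive shell, so it is authenticated separately.
Defaults timestamp_type=ppid

# Cache lifetime in minutes (5 is the sudoers default); 0 prompts on every run.
Defaults timestamp_timeout=5
```

Check the syntax before it takes effect with `visudo -cf /etc/sudoers.d/timestamp`. To reproduce the behaviour from the question, run `sudo -v` (authenticate and refresh the cache) and then `sh a.sh` from the same terminal: with tty the script runs without a prompt, with ppid it prompts again. Two caveats a practitioner should keep in mind: ppid only separates processes that were forked, so a script run in the current shell with `. a.sh` or `source a.sh` shares the interactive shell's record and does not prompt; and any command typed directly into that shell within the timeout still runs without a password. `sudo -K` removes the cached credential outright, and `timestamp_timeout=0` makes sudo prompt on every invocation regardless of timestamp_type.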