我们有以下版本的sudoers文件
$ sudo cat /etc/sudoers
[sudo] password mee:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
文件似乎是Canonical在Ubuntu 18.04中提供的原始格式。我们还假设/etc/sudoers.d未填充sudoers策略修改。
mee@hosta:~$ groups
mee cdrom sudo dip plugdev lpadmin sambashare vboxsf
对于以下示例类型的命令
mee@hosta:~$ sudo cat /dev/null
要强调的是:-l和-u用户,不使用-g组。
是决定切换到root用户的sudo可执行文件还是其插件sudoers?哪个sudo手册片段或一个sudoers可以回答这个问题?
检查命令字符串及其环境(被哪个用户调用)与%sudo ALL=(ALL:ALL) ALL是否匹配的实例必须得出结论“允许任何用户和任何组调用它”。但是,在何处做出“将用户切换为root用户以执行命令”的决定?还是在sudoers插件中,直到处理转换回sudo可执行文件?