Sudo

向 sudoers 添加了 shell 腳本,但仍然被拒絕

  • October 3, 2012

我不明白這個?sudo 的其他用途可以正常工作。

[oracle@o plugins]$ su
Password: 
[root@ plugins]# su nrpe
bash-3.2$ /home/oracle/obiee/instances/instance1/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.sh
bash: /home/oracle/obiee/instances/instance1/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.sh: Permission denied
bash-3.2$ sudo -l
Matching Defaults entries for nrpe on this host:
   env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR
   LS_COLORS MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE LC_COLLATE
   LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC
   LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET
   XAUTHORITY"

Runas and Command-specific defaults for nrpe:


User nrpe may run the following commands on this host:
   (ALL) NOPASSWD:
   /home/oracle/obiee/instances/instance1/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.sh
bash-3.2$ 
chmod +x /home/oracle/obiee/instances/instance1/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.sh

該腳本需要設置為“可執行”,然後才能實際執行。這是為了阻止人們執行隨機文本文件並可能對他們的系統進行雜湊處理。

另一個問題是腳本之上的權限。您需要確保腳本所在的目錄可以被世界/您希望能夠讀取的使用者讀取。

引用自:https://serverfault.com/questions/434614