shell: As a symbolic link to sudo, why does sudoedit behave differently?

1tu0hz3e posted on 2023-11-21 in Shell

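I recently learned two neat commands, sudoedit and sudo -e, which help me edit a non-writable file with my favorite editor's configuration enabled. Also, I thought the sudoedit command was just a wrapper that passes the -e flag to sudo. However, I found that the sudoedit command is just a symbolic link to sudo: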

lrwxrwxrwx 1 root root    4 Jun 22 04:49 sudoedit -> sudo

So I'm wondering: as a symbolic link, why does sudoedit behave differently from sudo? How does this happen?

4nkexdtk1#

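It's somewhat buried in Lajos Arpad's answer ("When invoked as sudoedit").
The "how does it happen" is something you can find by looking up "unix argv" or something similar in your favorite search engine, but in short: if you write a program in C, your main function is given, as parameters, an array of arguments (usually called "argv"); by *convention* argv[0] should be the program name, although things can get complicated (https://utcc.utoronto.ca/~cks/space/blog/unix/Argv0IsEasy - tldr you can pass *anything* as argv[0]). The important bit is that a program can *look at* argv[0] and decide e.g. "if argv[0] is " then do that.
And guess what? If you invoke a program through a symbolic link (and aren't doing anything horrible), argv[0] is the name of that symbolic link.
As a simple test, write echo "$0($*)" into a shell script, say foo.sh, make it executable (chmod +x foo.sh), create a symbolic link to it (ln -s foo.sh mysymlink), and look at the difference when running ./foo.sh 1 2 3 and ./mysymlink 1 2 3.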
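
The argv[0] dispatch described in the answer above, as an added C example (not part of the original answer and not sudo's source code). The names prog_name and select_mode and the simplified handling of -e are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

enum mode { MODE_RUN, MODE_EDIT };

/* Last path component of argv[0], so "/usr/bin/sudoedit" and "sudoedit"
 * compare equal. argv[0] may be NULL or empty: the caller of exec picks it. */
static const char *prog_name(const char *argv0)
{
    if (argv0 == NULL || *argv0 == '\0')
        return "";
    const char *slash = strrchr(argv0, '/');
    return slash ? slash + 1 : argv0;
}

/* Invoked under the name "sudoedit": edit mode is implied.
 * Otherwise edit mode needs an explicit flag. Simplification of this
 * sketch: the flag is only recognised as the first argument. */
enum mode select_mode(int argc, char *const argv[])
{
    if (argc > 0 && strcmp(prog_name(argv[0]), "sudoedit") == 0)
        return MODE_EDIT;
    if (argc > 1 && argv[1] != NULL &&
        (strcmp(argv[1], "-e") == 0 || strcmp(argv[1], "--edit") == 0))
        return MODE_EDIT;
    return MODE_RUN;
}

int main(int argc, char *argv[])
{
    /* argv[0] is supplied by whoever calls exec, so it only selects
     * a mode here; it is not evidence of who the caller is or of what
     * the caller is permitted to do. */
    const char *name = (argc > 0 && argv[0]) ? argv[0] : "(none)";
    printf("argv[0]=%s -> %s mode\n", name,
           select_mode(argc, argv) == MODE_EDIT ? "edit" : "run");
    return 0;
}
```

Compiled once and reached through two names (the binary plus a symlink called sudoedit pointing at it), the same file reports a different mode for each name.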

cwtwac6a2#

If you run man sudoedit, you will see a long manual page; I'm just pasting the relevant parts:

NAME
    sudo, **sudoedit** — execute a command as another user

SYNOPSIS
    [...]
    **sudoedit** [-ABknS] [-C num] [-D directory] [-g group] [-h host] [-p prompt] [-R directory] [-r role] [-t type] [-T timeout] [-u user] file ...

DESCRIPTION
    [...]
    When invoked as **sudoedit**, the -e option (described below), is implied.

    [...]
    -e, --edit  Edit one or more files instead of running a command.  In lieu of a path name, the string "sudoedit" is used when consulting the security policy.  If the user
                is authorized by the policy, the following steps are taken:

                1.   Temporary copies are made of the files to be edited with the owner set to the invoking user.

                2.   The editor specified by the policy is run to edit the temporary files.  The sudoers policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables
                     (in that order).  If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor sudoers(5) option is used.

                3.   If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.

                To help prevent the editing of unauthorized files, the following restrictions are enforced unless explicitly allowed by the security policy:

                •  Symbolic links may not be edited (version 1.8.15 and higher).

                •  Symbolic links along the path to be edited are not followed when the parent directory is writable by the invoking user unless that user is root (version
                   1.8.16 and higher).

                •  Files located in a directory that is writable by the invoking user may not be edited unless that user is root (version 1.8.16 and higher).

                Users are never allowed to edit device special files.

                If the specified file does not exist, it will be created.  Note that unlike most commands run by sudo, the editor is run with the invoking user's environment
                unmodified.  If the temporary file becomes empty after editing, the user will be prompted before it is installed.  If, for some reason, sudo is unable to up‐
                date a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file.
     [...]

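So sudoedit is equivalent to sudo -e, and therefore the difference between sudo and sudoedit is exactly the same as the difference between sudo and sudo -e, namely:
Edit one or more files instead of running a command.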