如果有人在ssh shell中调用passwd,我是否需要sudo作为sudo?
问题描述:
在linux中,如果我打开终端模拟器并运行命令sudo
,它会提示输入密码。但随后的sudo
调用不会提示输入密码。如果有人在ssh shell中调用passwd,我是否需要sudo作为sudo?
但是,如果在用户第一次在终结器模拟器窗口内进行身份验证之后,用户的密码与passwd
一起更改会怎样? sudo
是否顺利通过,还是需要用户再次输入?
答
取决于配置在/ etc/sudoers文件
通常羯羊它在时间的变化与否,用户可以调用sudo的长达5分钟,而无需再次输入密码,但可以重新配置在/ etc/sudoers文件
看到男人的sudoers 搜索timestamp_timeout
我的系统上读取
timestamp_timeout
Number of minutes that can elapse before sudo will ask for
a passwd again. The timeout may include a fractional com‐
ponent if minute granularity is insufficient, for example
2.5. The default is 5. Set this to 0 to always prompt
for a password. If set to a value less than 0 the user's
time stamp will not expire until the system is rebooted.
This can be used to allow users to create or delete their
own time stamps via “sudo -v” and “sudo -k” respectively.
and
sudoers uses per-user time stamp files for credential caching. Once a user
has been authenticated, a record is written containing the uid that was used
to authenticate, the terminal session ID, and a time stamp (using a mono‐
tonic clock if one is available). The user may then use sudo without a
password for a short period of time (5 minutes unless overridden by the
timestamp_timeout option). By default, sudoers uses a separate record for
each tty, which means that a user's login sessions are authenticated sepa‐
rately. The tty_tickets option can be disabled to force the use of a single
time stamp for all of a user's sessions.