Sudo要求提供密码,而不是从stdin获取密码
我有一个在开放终端窗口中运行的脚本:
while sleep 345600; \
do pass="$(security find-generic-password -w -s 'service' -a 'account')"; \
sudo --stdin <<< "${pass}" head /etc/hosts; \
done
当测试时,我手动运行此脚本以设置sleep至1,它按预期运行,sudo可以在没有用户交互的情况下获得通行证。然后,当我以4天的延迟运行脚本时,它在指定的时间内不运行相同的说法,Sudo在用户终端等待密码(即手动键入!)。我什至可以设置PASS变量以包含实际的普通文本密码,无用。
为什么这种差异?
I have a script running in an open terminal window:
while sleep 345600; \
do pass="$(security find-generic-password -w -s 'service' -a 'account')"; \
sudo --stdin <<< "${pass}" head /etc/hosts; \
done
When for a test I manually run this script having set sleep to 1, it works as intended, sudo getting the pass without user's interaction. When I then run the script with the 4 days delay, it does not run the same say in a specified time, sudo waiting for the password from a user's terminal (i.e. typed manually!). I can even set the pass variable to contain the actual plain-text password, of no avail.
Why this difference?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
将您需要的特定命令添加到Sudoers配置可能更安全,并允许它在没有密码的情况下运行(请参阅 https:// https:// 。
如果不是一个选项,则可以尝试使用
- AskPass选项:它采用通往命令的路径,该命令将在调用时在Stdout上输出用户密码。将Find-Generic-Password命令放入辅助脚本中,然后将其传递给- AskPass。It's probably safer to add the particular command you need to the sudoers config and allow it to be run without a password (see https://apple.stackexchange.com/q/398656 for an example of this on macOS).
If that's not an option, you can try using the
--askpassoption: it takes the path to a command that will output the user's password on stdout when called. Put thefind-generic-passwordcommand in a helper script and pass that to--askpass.