질문:
여기에 $user라는 변수가 필요합니다.
chown $user:$user "$HOME"/.bashrc
그러나 외부에서는 sudo접근 할 수 없습니다 EOF.
for user in "$@"
do
if [ "$user" = root ]
then
continue
fi
sudo -i -u "$user" bash <<'EOF'
sleep 5
cp -f $CURRENTDIR/.bashrc "$HOME"/.bashrc
chown $user:$user "$HOME"/.bashrc
sleep 5
chmod 644 "$HOME"/.bashrc
sleep 5
wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors
sleep 5
echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
. "$HOME"/.bashrc
EOF
done
질문:
스크립트에서 $user에 액세스하는 방법은 무엇입니까?
전체 스크립트는 다음과 같습니다.
#!/bin/bash -x
SCRIPTNAME=`basename "$0"`
if [ "$#" -eq 0 ]
then
echo "No arguments supplied"
echo "Usage: $SCRIPTNAME user1name user2name\(optional\) user3name\(optional\)"
sleep 10
exit 27
fi
sleep 5
echo "Setting up server.........."
sleep 10
DIRBASHRCROOT="$HOME"/.bashrcroot
DIRBASHRC="$HOME"/.bashrc
#CURRENTDIR="./"
BASHRC=.bashrc
NANORC=.nanorc
BASHRCROOT=.bashrcroot
ROOT=root
USER1="$1"
USER2="$2"
USER3="$3"
USER_PROGRAMMER=""
SOURCE=sources.list
var=0
for i in "$@"
do
if [ "$i" = root ]
then
break
elif [ "$i" != root ]
then
var=`expr $var + 1`
if [ $var -eq 3 ]
then
USER_PROGRAMMER=root
fi
fi
done
if [ $USER_PROGRAMMER != "" ]
then
echo "$USER_PROGRAMMER is set and ready!"
fi
sleep 5
echo "Please select/provide the port-number for ssh in iptables:"
read port
PORT=$port
################# Make my variable global for all ########################3↓
echo "export CURRENTDIR=\"/tmp/svaka\"" >> /root/.bashrc
touch /etc/profile.d/bashProgrammer.sh
echo "export CURRENTDIR=\"/tmp/svaka\"" >> /etc/profile.d/bashProgrammer.sh
. /root/.bashrc
. /etc/profile
. /etc/profile.d/bashProgrammer.sh
################ Users and access settings #####################
checkIfUser()
{
for name in "$@"
do
if id -u "$name" #>/dev/null 2>&1
then
echo "User: $name exists....setting up now\!"
sleep 5
else
echo "User: "$name" does not exists....creating now\!"
useradd -m -s /bin/bash "$name" #>/dev/null 2>&1
sleep 5
fi
done
}
checkIfUser $1 $2 $3
################33 user passwords
userPass()
{
for i in "$@"
do
if [ "$i" = root ]
then
continue
fi
if [[ $(passwd --status "$i" | awk '{print $2}') = NP ]]
then
echo "$i doesn't have a password."
echo "Changing password for $i:"
echo $i:$i"YOURSTRONGPASSWORDHERE12345Áá" | chpasswd
if [ "$?" = 0 ]
then
echo "Password for user $i changed successfully"
sleep 5
fi
fi
done
}
userPass $1 $2 $3
################################################ setting up iptables ####################3
cat << EOT >> /etc/iptables.test.rules
*filter
IPTABLES CODE HERE
COMMIT
EOT
sleep 5
iptables-restore < /etc/iptables.test.rules
sleep 5
iptables-save > /etc/iptables.up.rules
sleep 3
printf "#!/bin/bash\n/sbin/iptables-restore < /etc/iptables.up.rules" > /etc/network/if-pre-up.d/iptables
chmod +x /etc/network/if-pre-up.d/iptables
sleep 6
###################################################33 sshd_config
cp -f "$CURRENTDIR/sshd_config" /etc/ssh/sshd_config
sed -i "s/Port 34504/Port $PORT/g" /etc/ssh/sshd_config
chmod 644 /etc/ssh/sshd_config
/etc/init.d/ssh restart
#################################################3333 Remove or comment out DVD/cd line from sources.list
sed -i '/deb cdrom:\[Debian GNU\/Linux/s/^/#/' /etc/apt/sources.list
####################################################33 update system
apt update && apt upgrade -y
##########################################3 Disable login www #########
passwd -l www-data
###############################################################
############################# check if programs installed and/or install
if [ ! -x /usr/bin/git ] || [ ! -x /usr/bin/wget ] || [ ! -x /usr/bin/curl ] || [ ! -x /usr/bin/gcc ] || [ ! -x /usr/bin/make ]
then
echo "Some tools with which to work with data not found installing now......................"
apt install -y git wget curl gcc make
fi
#####################################################3 update sources.list
cp -f $CURRENTDIR/$SOURCE /etc/apt/sources.list
chmod 644 /etc/apt/sources.list
wget http://www.deb-multimedia.org/pool/main/d/deb-multimedia-keyring/deb-multimedia-keyring_2016.8.1_all.deb
dpkg -i deb-multimedia-keyring_2016.8.1_all.deb
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
apt update && apt upgrade -y
apt install -y vlc vlc-data browser-plugin-vlc mplayer youtube-dl libdvdcss2 libdvdnav4 libdvdread4 smplayer mencoder
sleep 5
apt update && apt upgrade -y
sleep 5
#################################### firmware
apt install -y firmware-linux-nonfree firmware-linux
sleep 5
################ NANO SYNTAX-HIGHLIGHTING #####################3
if [ ! -d "$CURRENTDIR/nanorc" ]
then
if [ "$UID" != 0 ]
then
sudo -u "$ROOT" bash <<'EOF'
sleep 5
git clone https://github.com/nanorc/nanorc.git
sleep 5
cd nanorc
make install-global
sleep 5
cp -f "$CURRENTDIR/.nanorc" /etc/nanorc
chown root:root /etc/nanorc
chmod 644 /etc/nanorc
if [ "$?" = 0 ]
then
echo "Implementing a custom nanorc file succeeded\!"
else
echo "Nano setup DID NOT SUCCEED\!"
fi
EOF
else
echo "Doing user: $USER....please, wait\!"
git clone https://github.com/nanorc/nanorc.git
sleep 5
cd nanorc
sleep 5
make install-global
sleep 5
cp -f "$CURRENTDIR/$NANORC" /etc/nanorc
chown root:root /etc/nanorc
chmod 644 /etc/nanorc
if [ "$?" = 0 ]
then
echo "Implementing a custom nanorc file succeeded\!"
else
echo "Nano setup DID NOT SUCCEED\!"
fi
fi
fi
echo "Finished setting up nano\!"
################ LS_COLORS SETTINGS #############################
if [ "$UID" != 0 ]
then
echo "This program should be run as root, exiting\! now....."
exit 1
# sudo -i -u "$ROOT" bash <<'EOF'
# BASHRCROOT=.bashrcroot
# cp "$CURRENTDIR/$BASHRCROOT" "$HOME"/.bashrc
# wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors
# echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
# . "$HOME"/.bashrc
#EOF
else
cp -f "$CURRENTDIR/$BASHRCROOT" "$HOME"/.bashrc
chown root:root "$HOME"/.bashrc
chmod 644 "$HOME"/.bashrc
sleep 5
wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors
sleep 5
echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
sleep 5
. "$HOME"/.bashrc
fi
for user in "$@"
do
if [ "$user" = root ]
then
continue
fi
sudo -i -u "$user" bash <<'EOF'
sleep 5
cp -f $CURRENTDIR/.bashrc "$HOME"/.bashrc
chown $user:$user "$HOME"/.bashrc
sleep 5
chmod 644 "$HOME"/.bashrc
sleep 5
wget https://raw.github.com/trapd00r/LS_COLORS/master/LS_COLORS -O "$HOME"/.dircolors
sleep 5
echo 'eval $(dircolors -b $HOME/.dircolors)' >> "$HOME"/.bashrc
. "$HOME"/.bashrc
EOF
done
echo "Finished setting up your system\!"
echo rm -rf /tmp/svaka
답변1
sudo -Es호출하는 사용자의 컨텍스트를 사용하고 보존할 수도 있습니다 . 예를 들어:
$ a=hi sudo -Es env | grep -i ^a=
a=hi
man sudo:
-E, --preserve-env
Indicates to the security policy that the user wishes to preserve their
existing environment variables. The security policy may return an
error if the user does not have permission to preserve the environment.
-s, --shell
Run the shell specified by the SHELL environment variable if it is set
or the shell specified by the invoking user's password database entry.
If a command is specified, it is passed to the shell for execution via
the shell's -c option. If no command is specified, an interactive
shell is executed.
답변2
일반적인 해결책으로 VAR=value실행할 명령줄에서 여러 쌍을 사용하여 추가 환경 변수를 sudo 명령에 전달할 수 있습니다.
이 특별한 경우에 $user변수를 전달하려면 다음을 사용할 수 있습니다.
sudo -i -u "$user" user="$user" bash <<'EOF'
...
chown $user:$user "$HOME"/.bashrc
...
EOF
$CURRENTDIR(예를 들어 스크립트의 나머지 부분에서 그렇게 하는 것처럼 rfiles를 통해 푸시하는 대신 이 방법을 사용하여 변수를 전달할 수도 있습니다 .)
sudo다른 환경 변수를 설정하려면 특정 권한이 필요합니다 . 좋다sudo 맨페이지의 이 섹션상태:
sudoers에 setenv 옵션이 설정되어 있고 실행할 명령이
SETENV레이블을 설정하거나 일치하는 명령이 이면ALL사용자가 지나치게 금지적인 변수를 설정할 수 있습니다. 바라보다스도(5)더 많은 정보를 알고 싶습니다.