我开发了一个 perl 脚本,它提供了一个菜单驱动的功能,允许用户执行一些简单的任务。
我需要用户能够执行诸如复制文件(保留当前日期和权限)、以不同用户身份运行其他程序(例如 less 或 vi)等任务。该脚本大量使用了 system() 函数。我希望用户通过调用来启动菜单:
sudo -u perluser /usr/bin/perl /data/perlscripts/scripta.pl
这应该以 perl 用户身份启动脚本,然后根据用户的选择执行不同的任务。问题是,每当我使用系统调用时,例如
system("clear");
I get the following error
Can't exec "clear": Permission denied at /data/perlscripts/scripta.pl line 3
If I run the script by logging in as perluser then it all runs succesfully.
Is there any way to get this working? I do not want users to be able to log in as perluser as I need to control what they are able to run. I also do not want to run a command like
system("sudo -u perluser clear");
as I would then require a different team to set up all the sudo commands I wanted to run (which they will probably refuse to do) and this would not be scalable if I have to add extra commands at somepoint.
Thanks,
我认为您可能需要将-i选项(“模拟初始登录”)添加到sudo:
sudo -i -u perluser /usr/bin/perl /data/perlscripts/scripta.pl
这将确保.profileor.login或 whatnot 正确运行,因此$PATH设置正确等等。在几乎所有方面,它真的就像在 shellperluser中实际登录和运行一样/usr/bin/perl /data/perlscripts/scripta.pl。