Fastest Way to Determine User Permissions in /etc/sudoer

安稳与你 提交于 2019-12-06 11:43:48

If sudo -v succeeds, the user has been authorized to use sudo; if it fails, then the user has not been authorized to use sudo.

# su user -c 'setsid sudo -v </dev/null'; echo $?
[sudo] password for user:
1
# su root -c 'setsid sudo -v </dev/null'; echo $?
0

Without setsid, sudo will try to ask for the password interactively even if stdin/stdout/stderr have all been redirected. If you don't have a controlling terminal, this isn't needed, but you will probably need something other than su to change user permissions, like fork+setreuid.

If you indeed need "the fastest way", I guess you're building a webserver that would handle many concurrent requests.

This raises another problem - the concurrency issue. Generally, many process reading and writing to the same important file is a recipe for a catastrophe.

Build a small independent process to handle the task. It should have a minimal interface that will receive requests from the clients, and updates for the the /etc/sudoer file. Something like has_NOPASSWD_access() and set_NOPASSWD_access(). It should read the file only when it needs to be written, so you'll greatly reduce the I/O time required to serve a request.

Pros -

  • Fast : No I/O needed for just reading the file, because it is stored in the buffer since the initial read
  • Thread safe: Only one server writes and reads the sudoer file
  • Single choice principle - only this process handles the sudoer file
  • Elegant (I hope) :-)

Cons - - List them in the comments, and I'll add.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!