使用sudo,可以作爲其他用戶執行命令,並且確實安全地將參數傳遞給該命令。將參數安全地傳遞到通過su執行的命令
例討厭論點:
nastyArg='"double quoted" `whoami` $(whoami) '"'simple quoted "'$(whoami)'"'"
預期輸出,經由termninal運行作爲congelli501:
% echo "$nastyArg"
"double quoted" `whoami` $(whoami) 'simple quoted $(whoami)'
執行如congelli501,經由須藤:
# sudo -u congelli501 -- echo "$nastyArg"
"double quoted" `whoami` $(whoami) 'simple quoted $(whoami)'
執行如congelli501,通過su(通常的逃生方法):
# su congelli501 -c "echo '$nastyArg'"
"double quoted" `whoami` $(whoami) simple quoted congelli501
正如您所看到的,參數並不安全地傳遞,因爲它由shell重新解釋。
有沒有辦法通過su啓動命令並直接傳遞它的參數,就像你可以使用sudo一樣?