2

我想通过在特定行上删除#或添加来编辑 Solaris 中的 sudoers 文件#,那么我该如何为此编写脚本?我的 sudoer 示例文件如下:

# The following line allows su without options/arguments and sux to user root
Cmnd_Alias SU_ROOT = /usr/bin/su "",\
                     /usr/local/bin/sux - root

# Defaults specification
Defaults:%saptb !authenticate

# User privilege specification
%saptb  ALL=(root)SU_SAP
#Uncomment this line when SAP requires root access
%saptb ALL=(root)SU_ROOT
##### END SAP-TB specific  ######
#
#
#Tivoli ITM Tools Team Sudo Right
#
%cgtools        ALL=(root)       NOPASSWD: /opt/IBM/ITM/bin/*

在上面的 sudoers 文件中,我想#在唯一一行之前添加%saptb ALL=(root)SU_ROOT

4

1 回答 1

2

做一个替换sed

# Comment out the line %saptb ALL=(root)SU_ROOT
sudo sed -Ei 's/^(%saptb.*SU_ROOT.*)/#\1/' /etc/sudoers

解释:

-E使用扩展regex

-i就地编辑文件。

s/         # Substitution
^          # Match the start of the line
(          # Capture the following
%saptb     # Followed by %saptb
.*         # Followed by anything
SU_ROOT    # Followed by SU_ROOT
.*         # Followed by anything
)          # Close capture
/          # Replace with 
#          # A hash 
\1         # Followed by the captured line

取消注释行的原理是相同的:

  1. 匹配行首
  2. 紧随其后的是#
  3. 捕获线路的其余部分
  4. 用捕获的部分行替换整行(丢弃#)。

所以:

# Uncomment the line %saptb ALL=(root)SU_ROOT
sudo sed -Ei 's/^#(%saptb.*SU_ROOT.*)/\1/' /etc/sudoers

您可以使用以下脚本通过运行来注释/取消注释sudo ./toggle.sh

#!/bin/bash

# Is the line already commented out
grep -q '#%saptb ALL=(root)SU_ROOT' /etc/sudoers

if [ $? -eq 0 ]; then 
    # Uncomment the line %saptb ALL=(root)SU_ROOT
    sed -Ei 's/^#(%saptb.*SU_ROOT.*)/\1/' /etc/sudoers
else 
    # Comment out the line %saptb ALL=(root)SU_ROOT
    sed -Ei 's/^(%saptb.*SU_ROOT.*)/#\1/' /etc/sudoers
fi
于 2012-11-29T13:30:11.983 回答