Bayan shekaru 9 da samuwar reshen sudo 1.8.x, an sanar da sakin sabon sigar muhimmin fasalin mai amfani wanda ake amfani dashi don tsara hukuncin kisa a madadin sauran masu amfani, sabon sigar shine "Sudo 1.9.0" kuma wannan ma yana nuna sabon reshe.
- Sudo mafi amfani mai amfani kuma anyi amfani dashi a tsarin aiki irin na Unix, kamar Linux, BSD, ko Mac OS X, tunda kamar yadda aka ambata, wannan ba masu amfani damar gudanar da shirye-shirye tare da gatan tsaro na wani mai amfani (yawanci tushen mai amfani) a amince, don haka na ɗan lokaci ya zama superuser.
Ta hanyar tsoho, mai amfani dole ne ya tantance tare da kalmar sirrin su yayin gudanar da sudo. Da zarar an amintar da mai amfani kuma idan fayil da sauransu / sauransu / sudoers ya ba wa mai amfani damar yin amfani da umarnin da ake buƙata, tsarin ya aiwatar da shi.
Akwai zaɓi don kunna sigar NOPASSWD don kaucewa shigar da kalmar sirri dkuma mai amfani yayin aiwatar da umarnin. Fayil ɗin sanyi na / etc / sudoers ya ƙayyade waɗanda masu amfani zasu iya aiwatar da wane umarni a madadin waɗansu masu amfani.
Tunda sudo yana da tsayayyar tsari sosai da tsarin wannan fayil ɗin kuma duk wani kuskure da zai iya haifar da matsala mai tsanani, to akwai visudo mai amfani; Ana amfani da wannan zaɓin don bincika cewa fayil / etc / sudoers ba a amfani da su daga wani zaman mai amfani, don haka guje wa yin gyare-gyare da yawa tare da yiwuwar lalata fayil.
Babban labarai a Sudo 1.9.0
A cikin wannan sabon sigar aikin da aka aiwatar kuman samar da abun da ke ciki bayanan bango «sudo_logsrvd«, wannan tsara don ƙayyadaddun rajista na sauran tsarin. Lokacin gina sudo tare da zaɓi «–Ka kunna-budewa«, Ana watsa bayanan ne ta hanyar hanyar sadarwa mai rufin asiri (TLS).
Rikodin an saita shi ta amfani da zaɓi na log_servers a cikin sudoers kuma don dakatar da tallafi don sabon tsarin ƙaddamar da log, zaɓuɓɓukan «–Disable-log-server»Kuma« –wayar-log-abokin ciniki ».
Har ila yau, an daɗa sabon nau'in plugin - "dubawa", wanda ke aika saƙonni game da kira mai nasara da rashin nasara, da kuma game da kurakuran da ke faruwa, da kuma sabon nau'in kayan aikin da zai ba ku damar haɗa masu kula da ku don shiga kuma hakan bai dogara da daidaitaccen aikin ba. Misali, ana aiwatar da mai sarrafawa don rubuta bayanai a cikin tsarin JSON a cikin hanyar plugin.)
Har ila yau an ƙara sabon nau'in kari «yarda»Cewar Ana amfani dasu don aiwatar da ƙarin bincike bayan binciken izini na asali nasara masu dogaro da mulki. Za'a iya ayyana nau'ikan nau'ikan nau'ikan nau'ikan a cikin saitunan, amma ana ba da tabbacin aikin ne kawai lokacin da duk abubuwan da aka lissafa a cikin saitunan suka amince da su.
A cikin sudo da sudo_logsrvd, an ƙirƙiri ƙarin fayil ɗin log a cikin tsarin JSON, wanda ke nuna bayanin game da duk sigogin umarnin da ke gudana, gami da sunan mai masaukin. Ana amfani da wannan rijistar ta mai amfani wasan kwaikwayo, a cikin abin da zai yiwu a tace umarnin ta sunan mai masauki.
Jerin takaddun layin umarni da aka wuce ta canjin yanayi sudo_umarni yanzu an yanke shi zuwa haruffa 4096.
Na sauran canje-canje Wannan ya fito daga talla:
- Umurnin sudo -S yanzu yana buga duk buƙatun zuwa daidaitaccen fitarwa ko stderr, ba tare da samun damar na'urar sarrafa tashar ba.
- Don gwada hulɗa tare da sabar ko aika rajistar data kasance, an samar da mai amfani da sudo_sendlog;
- Ara ikon haɓaka plugins ɗin sudo a cikin Python, wanda aka kunna yayin tattarawa tare da zaɓi «–Yin-kunnawa".
- En zufa, maimakon Cmnd_Aliases, Cmd_Aliases Yanzu kuma yana da inganci.
- An ƙara sabbin saituna pam_ruser da pam_rhost don kunnawa / musaki saita sunan mai amfani da saitunan mai masauki lokacin saita zama ta hanyar PAM.
- Yana yiwuwa a tantance takamaiman SHA-2 hash a kan layin umarnin raba wakafi. Hakanan ana iya amfani da zanin SHA-2 a cikin masu shayarwa a haɗe tare da kalmar "DUK" don ayyana umarni waɗanda za a iya aiwatar da su kawai lokacin da zanta ta dace.