Browse Source

added manual pages

Alessandro Mauri 3 months ago
3 changed files with 183 additions and 6 deletions
  1. +9
  2. +77
  3. +97

+ 9
- 5
makefile View File

@ -18,13 +18,17 @@ install: us
cp -f us ${DESTDIR}${PREFIX}/bin/us
chown 0:0 ${DESTDIR}${PREFIX}/bin/us
chmod 4755 ${DESTDIR}${PREFIX}/bin/us
# mkdir -p ${DESTDIR}${MANPREFIX}/man1
# cp -f us.1 ${DESTDIR}${MANPREFIX}/man1/us.1
# chmod 644 ${DESTDIR}${MANPREFIX}/man1/us.1
mkdir -p ${DESTDIR}${MANPREFIX}/man1
cp -f us.1 ${DESTDIR}${MANPREFIX}/man1/us.1
chmod 644 ${DESTDIR}${MANPREFIX}/man1/us.1
mkdir -p ${DESTDIR}${MANPREFIX}/man5
cp -f us.conf.5 ${DESTDIR}${MANPREFIX}/man5/us.conf.5
chmod 644 ${DESTDIR}${MANPREFIX}/man5/us.conf.5
rm -f ${DESTDIR}${PREFIX}/bin/us
# ${DESTDIR}${MANPREFIX}/man1/us.1
rm -f ${DESTDIR}${PREFIX}/bin/us \
rm -f us us-dbg

+ 77
- 1
us.1 View File

@ -1,2 +1,78 @@
.TH US 1 "JULY 2021" "Alessandro Mauri"
us \- execute command with another identity
.SY us
.OP \-hseA
.OP \-u user
.OP \-g group
.OP \-C config
.OP command
.OP args
.BR us
utility executes the given command as another identity, which by default is
root. If no command is specified, it starts a shell as that user.
In order to execute anything users need to authenticate and the user + target
identity configuration must be allowed in the configuration file, see
.BR us.conf(5)
for more information.
By default when a command or shell gets executed a new environment gets created,
USER is set with the target user, as well as LOGNAME, SHELL and HOME get all set
with the default values for the target user.
PATH, TERM, EDITOR, VISUAL, DISPLAY and XAUTHORITY instead are kept between
Lastly a new variable US_USER is added (but not overridden) which contains the
calling user's username.
Invoking the program logs by default to
.BR syslog(2)
the outcome of the invocation, this behaviour can be changed in the config.
.IP \-h
Print usage info message.
.IP \-s
Use the calling user's SHELL instead of the target user's one.
.IP \-e
Keep the entire environment between execution instead of just PATH, TERM,
EDITOR, VISUAL, DISPLAY and XAUTHORITY; user variables still get overridden.
.IP \-A
Instead of prompting for a password,
.BR us
executes the command specified in the variable US_ASKPASS and reads it's stdout
as the password. If US_ASKPASS is not specified then it will fall back
prompting the password.
.IP "\-u user"
Change the target identity to
.I user
(default is root).
.IP "\-g group"
Set the group of the target user to
.I group
instead of the target user's default, also add it to the group list.
.IP "\-C config"
Use the specified config file
.BR us
utility returns 0 on success and != 0 on failure which may occur on
various occasions, along with an error a message will be outputted to specify
the reason.
.BR su(1)
.BR us.conf(5)
Alessandro Mauri <>

+ 97
- 0
us.conf.5 View File

@ -0,0 +1,97 @@
.TH US.CONF 5 "JULY 2021" "Alessandro Mauri"
us.conf \- us configuration file
.BR us(1)
utility executes commands as another identity according to the rules in the
.BR us.conf
configuration file.
The rules have the following format:
.BR "+|\-"
.BR user
.BR target
.OP options
.SS Options
Possible options are:
.IP nopass
The user is not required to enter a password.
.IP persist
Once entering the password for the first time, a timer for five minutes is
started, during those five minutes the user is not required to re-enter
the password for that session. Re-invoking us resets that timer.
.IP nolog
Do not log to
.BR syslog(2)
command outcome
The sum of matching rules determines the action taken, if no rules match
the action is denied.
Comments are made by having the first non-blank character of a line be an hash
mark ('#'), comments take up the whole line and cannot be embedded in the
middle of a line.
A valid user or target is an alphanumeric string containing the name of the
target. If the target is a user, the string begins with [0-9A-z]; if the
target is a group then the has to begin with ':'. Instead of the name of the
user/group it's number can be used, in that case the part of the string that
would contain the name must begin with '#' (so after a possible ':').
As options a comma separated list of environment variables can be specified,
these will be added or will override existing environment variables during
execution of the command. A valid environment variable list starts with an
uppercase letter and ends at the next space.
A valid config line must be owned by root:root and should not be readable,
writeable or executable for any other user or group, if the config file fails
to meet this requirements it will get rejected and invocation will fail.
.IP /etc/us.conf
us(1) configuration file
The following example will allow root to execute commands as itself without
requiring a password and without logging:
+ root as root nopass nolog
This next example allows users in the wheel group to execute commands as
root including a new environment variable IS_WHEEL set to 'yes' and the variable
EDITOR will be set to ed, the standard unix editor:
+ :wheel as root IS_WHEEL=yes,EDITOR=ed
In this example the user maria is allowed to execute commands as a member of
the group wheel and the session is remembered so that in the next five
minutes the password won't be needed:
+ maria as :wheel persist
This time the user joe is denied to execute commands as anyone who's member of
the group 'coolppl' because joe is uncool
- joe as :coolppl
.BR us(1)
Alessandro Mauri <>