.TH US.CONF 5 "JULY 2021" "Alessandro Mauri"
.SH NAME
us.conf \- us configuration file
.SH DESCRIPTION
.PP
The
.BR us (1)
utility executes commands as another identity according to the rules in the
.BR us.conf
configuration file.
.PP
The rules have the following format:
.IP
.BR "permit|deny"
.BR user
as
.BR target
.OP options
.OP ENV
.SS Options
Possible options are:
.IP nopass
The user is not required to enter a password.
.IP persist
After the password is entered for the first time, a five-minute timer is
started; during those five minutes the user is not required to re-enter the
password for that session. Re-invoking us resets the timer.
.IP nolog
Do not log the command outcome to
.BR syslog(2) .
.PP
The sum of matching rules determines the action taken; if no rules match, the
action is denied.
.PP
Comments are made by having the first non-blank character of a line be a hash
mark ('#'); comments take up the whole line and cannot be embedded in the
middle of a line.
.PP
A valid user or target is an alphanumeric string containing the name of the
target. If the target is a user, the string begins with [0-9A-z]; if the
target is a group, the string has to begin with ':'. Instead of the name of
the user or group its number can be used; in that case the part of the string
that would contain the name must begin with '#' (so after a possible ':').
.PP
A comma-separated list of environment variables can also be specified as an
option; these are added to, or override, existing environment variables during
execution of the command. A valid environment variable list starts with an
uppercase letter and ends at the next space.
.PP
A valid config file must be owned by root:root and should not be readable,
writable or executable for any other user or group; in other words the best
file permissions for the config file are
.BR 660 .
If the config file fails to meet these requirements it is rejected and
invocation fails.
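.PP
The rule grammar described above can be linted before a file is installed, flagging malformed lines and permit rules that skip the password or the log.
The Python below is an added example, not part of us(1) or its source; it assumes names are purely alphanumeric and that the environment list is the last token on a line, and the names parse_rule, audit and SAMPLE are hypothetical.

```python
import re

OPTIONS = {"nopass", "persist", "nolog"}
# Assumed reading of "valid user or target": optional ':', then '#'+digits or an alphanumeric name.
IDENT = re.compile(r"^:?(#[0-9]+|[0-9A-Za-z]+)$")
# Environment list: starts with an uppercase letter and ends at the next space.
ENV = re.compile(r"^[A-Z]\S*$")

def parse_rule(line):
    """Return None for blank/comment lines, a dict for a rule, else raise ValueError."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    tok = stripped.split()
    if len(tok) < 4 or tok[0] not in ("permit", "deny") or tok[2] != "as":
        raise ValueError("expected: permit|deny user as target [options] [ENV]")
    if not all(IDENT.match(i) for i in (tok[1], tok[3])):
        raise ValueError(f"invalid user or target in: {stripped!r}")
    rest, env = tok[4:], {}
    if rest and ENV.match(rest[-1]):          # assumption: ENV list comes last
        for pair in rest.pop().split(","):    # commas only separate entries
            name, sep, value = pair.partition("=")
            if not name or not sep:
                raise ValueError(f"bad environment entry: {pair!r}")
            env[name] = value
    if not set(rest) <= OPTIONS:
        raise ValueError(f"unknown option in: {rest!r}")
    return {"action": tok[0], "user": tok[1], "target": tok[3], "options": rest, "env": env}

def audit(text):
    """List (line number, message) for malformed lines and risky permit rules."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            findings.append((n, f"malformed: {exc}"))
            continue
        if rule and rule["action"] == "permit":
            findings += [(n, f"permit rule uses {o}")
                         for o in ("nopass", "nolog") if o in rule["options"]]
    return findings

SAMPLE = """# constructed sample: the rules shown on this page plus one bad line
permit root as root nopass nolog
permit :wheel as root IS_WHEEL=yes,EDITOR=ed
permit maria as :wheel persist
deny joe as :coolppl
permit bob root nopass
"""
```

Calling audit(SAMPLE) reports line 2 twice (nopass and nolog) and line 6 as malformed because the "as" keyword is missing.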
.SH FILES
.IP /etc/us.conf
us(1) configuration file
.SH EXAMPLES
.PP
The following example will allow root to execute commands as itself without
requiring a password and without logging:
.PP
.EX
permit root as root nopass nolog
.EE
.PP
This next example allows users in the wheel group to execute commands as root,
adding a new environment variable IS_WHEEL set to 'yes' and setting the
variable EDITOR to ed, the standard unix editor:
.PP
.EX
permit :wheel as root IS_WHEEL=yes,EDITOR=ed
.EE
.PP
In this example the user maria is allowed to execute commands as a member of
the group wheel and the session is remembered so that in the next five minutes
the password won't be needed:
.PP
.EX
permit maria as :wheel persist
.EE
.PP
This time the user joe is denied from executing commands as anyone who is a
member of the group 'coolppl', because joe is uncool:
.PP
.EX
deny joe as :coolppl
.EE
.SH LIMITATIONS
.PP
Due to the way the environment is parsed, neither the name nor the value can
contain commas.
.SH "SEE ALSO"
.BR us (1)
.SH AUTHOR
Alessandro Mauri