User Switcher, just like sudo but worse
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 

105 lines
2.9 KiB

.TH US.CONF 5 "JULY 2021" "Alessandro Mauri"
.SH NAME
us.conf \- us configuration file
.SH DESCRIPTION
.PP
The
.BR us(1)
utility executes commands as another identity according to the rules in the
.BR us.conf
configuration file.
.PP
The rules have the following format:
.IP
.BR "+|\-"
.BR user
as
.BR target
.OP options
.OP ENV
.SS Options
Possible options are:
.IP nopass
The user is not required to enter a password.
.IP persist
Once entering the password for the first time, a timer for five minutes is
started, during those five minutes the user is not required to re-enter
the password for that session. Re-invoking us resets that timer.
.IP nolog
Do not log to
.BR syslog(2)
command outcome
.PP
The sum of matching rules determines the action taken, if no rules match
the action is denied.
.PP
Comments are made by having the first non-blank character of a line be an hash
mark ('#'), comments take up the whole line and cannot be embedded in the
middle of a line.
.PP
A valid user or target is an alphanumeric string containing the name of the
target. If the target is a user, the string begins with [0-9A-z]; if the
target is a group then the has to begin with ':'. Instead of the name of the
user/group it's number can be used, in that case the part of the string that
would contain the name must begin with '#' (so after a possible ':').
.PP
As options a comma separated list of environment variables can be specified,
these will be added or will override existing environment variables during
execution of the command. A valid environment variable list starts with an
uppercase letter and ends at the next space.
.PP
A valid config line must be owned by root:root and should not be readable,
writable or executable for any other user or group, in other words the best
file permissions for the config file are
.BR 660
if the config file fails to meet this requirements it will get rejected and
invocation will fail.
.SH FILES
.IP /etc/us.conf
us(1) configuration file
.SH EXAMPLES
.PP
The following example will allow root to execute commands as itself without
requiring a password and without logging:
.PP
.EX
+ root as root nopass nolog
.EE
.PP
This next example allows users in the wheel group to execute commands as
root including a new environment variable IS_WHEEL set to 'yes' and the variable
EDITOR will be set to ed, the standard unix editor:
.PP
.EX
+ :wheel as root IS_WHEEL=yes,EDITOR=ed
.EE
.PP
In this example the user maria is allowed to execute commands as a member of
the group wheel and the session is remembered so that in the next five
minutes the password won't be needed:
.PP
.EX
+ maria as :wheel persist
.EE
.PP
This time the user joe is denied to execute commands as anyone who's member of
the group 'coolppl' because joe is uncool
.PP
.EX
- joe as :coolppl
.EE
.SH LIMITATIONS
.PP
Due to the way the environment is parsed, neither the name nor the value can
contain commas.
.SH "SEE ALSO"
.BR us(1)
.SH AUTHOR
Alessandro Mauri <alemauri001@tuta.io>