Date:      Wed, 14 Aug 1996 17:22:18 +0400 (MSD)
From:      Alexis Yushin <alexis@dawn.ww.net>
To:        freebsd-hackers@freebsd.org
Subject:   permission control tool
Message-ID:  <199608141322.RAA13746@dawn.ww.net>

Midday,

	The software is written, but releasing it as is would be kind of
like releasing a trojan horse for many regular users. I am looking for
your comments and opinions about this kind of software and how we would
modify it to ease permission control while keeping the security level sufficient.
Thanks,
								alexis

------------------------------------------------------------------------
DOAS Utility

LYRIC
-----

	At first I wanted it to be as sophisticated as possible. I wrote
tons of yacc grammar for every situation. Then I realized that I
never need anything except the real user id and real group id, and in
the rarest cases the login name. Well, except for the remote host and
line, of course. So I have erased much of the code in order to make
it lighter and simpler.  The grammar now includes no keywords.
I think it is for the better. I realized that with the current grammar
I have a very doubtful need for aliases, so I removed them from the
sources too. In fact, in my TODO there is an item to rewrite the
parser in pure C code. Mail me if you want anything from the list
above back :-)

OVERVIEW
--------
	``doas'' stands for ``do as'' -- that is do something as
somebody. In other words the program lets you execute permitted
commands with permitted user and group IDs.

USAGE
-----
	doas user[.group] command

	Is there anything else to tell about it?

CONFIGURATION
-------------

	The configuration file is a set of permissions and usually
resides in /etc as a file called permissions.

# This is a single line comment. Every comment starts with '#' sign.

	Every permission is specified as follows:

username1 [(login1)] [.group1] [,username2 ...] [@host1 [,host2 ...]]
	[:line1 [,line2 ...]] {

	username[.group] [,username ...] : [ flag [, flag ] ] :
		[command path][,command ...] ;
	username[.group] [,username ...] : [ flag [, flag ] ] :
		[command path]  [,command ...] ;
}

	If no ``(login)'' is specified, the login name check is disabled.
When no ``.group'' is specified, the group id is assumed to be the
default login group of the user specified.

	An empty hostname when the '@' sign is there stands for only the
local host.

	An empty line, as well as the absence of ':', stands for any line.

	Every string or word which is not [*?\[\]!/A-Za-z0-9]* needs
to be enclosed in double quotes. Basically these are host names,
which could contain dots.

	Everything except login names and numbers (IDs) is
treated as a shell file pattern.

	Backslash disables the special meaning (if any) of the
following character.

	Commands should be given as absolute pathnames with
possible shell patterns.

FLAGS
-----
	Currently flags control environment passing into the child
process. Initially there is no environment at all, and if none is
made with flags a standard minimal one is supplied. Being processed
from left to right, the flags do the following:

	+               (Plus sign by itself) Copies (not overwriting)
			the entire preserved environment to the target
			process

	+NAME           The same as just plus, but copies only
			the variable whose NAME is given

	+NAME=VALUE	Overwrites variable NAME with VALUE

	-NAME		Removes variable NAME from target environment
			vector.

PATTERNS
--------
	Patterns used in doas are sh(1) like. The metacharacters
are:

	'*' -- matches any arbitrary string
	'?' -- matches any single character
	'[' -- introduces and matches a class of characters until the
		subsequent ']' character or single '[' if there is
		no ']' following. An exclamation sign in the first
		position of the class complements the whole class.
		A minus sign not in the first or the last position
		of the class introduces an interval of characters.

	An exclamation sign in the first position of the whole
pattern inverts the result of the search.


EXAMPLE
-------

alexis(alexis).wildwind,ann,anton.300 @,"eddy.ww.net","sunset.ww.net" :* {
	root.wheel:+PATH,+USER="shut":/sbin/reboot,/sbin/halt,/sbin/fastboot;
	bin.bin:+:/usr/bin/install;
	uucp::/usr/libexec/uucp/uuxqt;
}

The permission above says that user ``alexis'' with login name ``alexis''
and group id ``wildwind'', user ``ann'' with any login name and any group
id, and user ``anton'' with any login name and group id equal to ``300''
from local host and from hosts ``eddy.ww.net'' and ``sunset.ww.net''
being logged in on any (``*'') terminal line can execute:

	a) as user ``root'', group ``wheel'' /sbin/reboot, /sbin/halt ...
	b) as user ``bin'', group ``bin'' with their environment not
	   modified (that trailing plus sign) /usr/bin/install
	c) as user ``uucp'', group equal to the login group of ``uucp''
	   /usr/libexec/uucp/uuxqt

	The first line (a) lets a user keep his/her PATH environment
variable and sets the USER variable to the value "shut".


-- 
	If a camel flies, no one laughs if it doesn't get very far.
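
The left-to-right flag processing from the FLAGS section, as an added example that is not part of the original message or of the doas sources. The `struct env` container, the function names, the sample caller environment and the fallback `PATH` value used when no flag produces a variable are assumptions.

```c
#include <stdio.h>
#include <string.h>
#define MAXENV 32
#define MAXLEN 128                      /* longer entries are truncated */
struct env { int n; char v[MAXENV][MAXLEN]; };      /* entries are "NAME=VALUE" */
static int env_find(const struct env *e, const char *name, size_t len) {
    for (int i = 0; i < e->n; i++)
        if (strncmp(e->v[i], name, len) == 0 && e->v[i][len] == '=') return i;
    return -1;
}
static const char *env_get(const struct env *e, const char *name) {
    int i = env_find(e, name, strlen(name));
    return i < 0 ? NULL : e->v[i] + strlen(name) + 1;
}
/* Store "NAME=VALUE"; an existing NAME is replaced only when overwrite is set. */
static void env_put(struct env *e, const char *kv, int overwrite) {
    int i = env_find(e, kv, strcspn(kv, "="));
    if (i >= 0 && !overwrite) return;
    if (i < 0) { if (e->n == MAXENV) return; i = e->n++; }
    snprintf(e->v[i], MAXLEN, "%s", kv);
}
static void env_del(struct env *e, const char *name) {
    int i = env_find(e, name, strlen(name));
    if (i >= 0) memmove(e->v[i], e->v[--e->n], MAXLEN);
}
/* Start from an empty target and apply the flags left to right. */
static struct env build_env(const struct env *saved, const char **flags, int nflags) {
    struct env t = { 0 }; int k;
    for (int f = 0; f < nflags; f++) {
        const char *arg = flags[f] + 1;              /* text after '+' or '-' */
        if (flags[f][0] == '-') env_del(&t, arg);    /* "-NAME": remove */
        else if (*arg == '\0') {                     /* "+": copy all, no overwrite */
            for (int i = 0; i < saved->n; i++) env_put(&t, saved->v[i], 0);
        } else if (strchr(arg, '=')) env_put(&t, arg, 1);      /* "+NAME=VALUE" */
        else if ((k = env_find(saved, arg, strlen(arg))) >= 0) /* "+NAME" */
            env_put(&t, saved->v[k], 0);
    }
    if (t.n == 0) env_put(&t, "PATH=/bin:/usr/bin", 1);  /* assumed minimal default */
    return t;
}
int main(void) {
    struct env saved = { 0 };                        /* constructed caller environment */
    env_put(&saved, "PATH=/home/alexis/bin:/bin", 1);
    env_put(&saved, "USER=alexis", 1);
    env_put(&saved, "LD_LIBRARY_PATH=/tmp/lib", 1);
    const char *flags[] = { "+PATH", "+USER=shut" }; /* flags of line (a), quotes removed */
    struct env t = build_env(&saved, flags, 2);
    printf("USER=%s LD_LIBRARY_PATH %s\n", env_get(&t, "USER"),
           env_get(&t, "LD_LIBRARY_PATH") ? "kept" : "dropped");
    return 0;
}
```

Because `+` and `+NAME` never overwrite, a `+NAME=VALUE` placed before a bare `+` still wins, while `-NAME` only has an effect when it comes after the flag that copied the variable.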



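
A matcher for the metacharacters listed in the PATTERNS section, as an added example that is not part of the original message or of the doas sources. The function names and the sample strings are assumptions, and `*` is taken to match `/` as well, following "any arbitrary string".

```c
#include <stdio.h>
#include <string.h>

/* Match s against p: '*', '?', '[...]' classes and backslash escapes. */
static int match(const char *p, const char *s) {
    for (; *p; p++, s++) {
        if (*p == '*') {                         /* try every possible tail of s */
            for (p++; !match(p, s); s++)
                if (*s == '\0') return 0;
            return 1;
        }
        if (*s == '\0') return 0;                /* the rest consumes one character */
        if (*p == '?') continue;
        if (*p == '[' && strchr(p + 1, ']')) {   /* '[' without ']' is a literal '[' */
            const char *q = p + 1, *first;
            int neg = (*q == '!'), hit = 0;      /* leading '!' complements the class */
            if (neg) q++;
            for (first = q; *q != ']'; q++) {
                if (*q == '-' && q != first && q[1] != ']') {  /* interval, e.g. a-f */
                    if (q[-1] <= *s && *s <= q[1]) hit = 1;
                    q++;
                } else if (*q == *s) hit = 1;
            }
            if (hit == neg) return 0;
            p = q;                               /* resume after the ']' */
            continue;
        }
        if (*p == '\\' && p[1]) p++;             /* escaped character is literal */
        if (*p != *s) return 0;
    }
    return *s == '\0';
}

/* A '!' in the first position of the whole pattern inverts the result. */
static int doas_match(const char *pat, const char *s) {
    return *pat == '!' ? !match(pat + 1, s) : match(pat, s);
}

int main(void) {
    /* constructed inputs reusing names from the example permission */
    printf("%d\n", doas_match("*.ww.net", "eddy.ww.net"));
    printf("%d\n", doas_match("!*.ww.net", "eddy.ww.net"));
    printf("%d\n", doas_match("/sbin/*", "/sbin/halt"));
    return 0;
}
```

With `*` matching `/` as assumed here, a command pattern such as `/sbin/*` covers every path below `/sbin`, not only one directory level.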