Date:      Wed, 14 Aug 1996 18:39:41 +0300 (EET DST)
From:      Narvi <narvi@haldjas.folklore.ee>
To:        Alexis Yushin <alexis@ww.net>
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: permission control tool
Message-ID:  <Pine.BSF.3.91.960814183745.24575B-100000@haldjas.folklore.ee>
In-Reply-To: <199608141322.RAA13746@dawn.ww.net>


It seems fine. Also check out a tool called osh. It is a setuid shell 
which allows it to be specified who may execute which commands. One place 
it is available from is ftp.sunet.se under /pub/security.

	Sander

On Wed, 14 Aug 1996, Alexis Yushin wrote:

> Midday,
> 
> 	The software is written but releasing it as is would be kind of
> releasing of a trojan horse for many regular users. I am looking for
> your comments and opinions about this kind of software and how we would
> modify it to ease permissions control keeping security level sufficient.
> Thanks,
> 								alexis
> 
> ------------------------------------------------------------------------
> DOAS Utility
> 
> LYRIC
> -----
> 
> 	First I wanted it as sophisticated as possible. I wrote
> tons of yacc grammar for every situation. Then I realized that I
> never need anything except real user id and real group id, and in
> the most rare cases login name. Well, except of remote host and
> line, of course. So I have erased much of the code in order to make
> it lighter and more simple.  The grammar now includes no keywords.
> I think it is for good. I realized that with the current grammar
> I have very doubtful need in aliases so I removed them from the
> sources too. In fact in my TODO there is an item to rewrite the
> parser in pure C code. Mail me if you want anything from the list
> above back :-)
> 
> OVERVIEW
> --------
> 	``doas'' stands for ``do as'' -- that is do something as
> somebody. In other words the program lets you execute permitted
> commands with permitted user and group IDs.
> 
> USAGE
> -----
> 	doas user[.group] command
> 
> 	Is there anything else to tell about it?
> 
> CONFIGURATION
> -------------
> 
> 	The configuration file is a set of permissions and usually
> resides in /etc called permissions.
> 
> # This is a single line comment. Every comment starts with '#' sign.
> 
> 	Every permission is specified as follows:
> 
> username1 [(login1)] [.group1] [,username2 ...] [@host1 [,host2 ...]]
> 	[:line1 [,line2 ...]] {
> 
> 	username[.group] [,username ...] : [ flag [, flag ] :
> 		[command path][,command ...] ;
> 	username[.group] [,username ...] : [ flag [, flag ] :
> 		[command path]  [,command ...] ;
> }
> 
> 	If no ``(login)'' specified the loginname check is disabled.
> When no ``.group'' specified the group id is assumed to be the
> default login group of the user specified.
> 
> 	Empty hostname when '@' sign is there stands for only the
> local host.
> 
> 	Empty line as well as ':' absence stands for any line.
> 
> 	Every string or word which is not [*?\[\]!/A-Za-z0-9]* needs
> to be enclosed into double quotes. Basically these are host names
> which could contain dots.
> 
> 	Everything except of login names and numbers (IDs) is
> treated as shell file patterns.
> 
> 	Backslash disables the special meaning (if any) of the
> following character.
> 
> 	Commands should be given as absolute pathnames with
> possible shell patterns.
> 
> FLAGS
> -----
> 	Currently flags control environment passing into child
> process. Initially there is no environment at all and if none is
> made with flags a standard minimal one supplied. Being processed
> from left to right the flags do:
> 
> 	+               (Plus sign by itself) Copies (not overwriting)
> 			entire preserved environment to the target
> 			process
> 
> 	+NAME           The same as just plus but only copies
> 			variable which NAME is given
> 
> 	+NAME=VALUE	Overwrites variable NAME with VALUE
> 
> 	-NAME		Removes variable NAME from target environment
> 			vector.
> 
> PATTERNS
> --------
> 	Patterns used in doas are sh(1) like. The metacharacters
> are:
> 
> 	'*' -- matches any arbitrary string
> 	'?' -- matches any single character
> 	'[' -- introduces and matches a class of characters until the
> 		subsequent ']' character or single '[' if there is
> 		no ']' following. An exclamation sign in the first
> 		position of the class complements the whole class.
> 		A minus sign not in the first or the last position
> 		of the class introduces an interval of characters.
> 
> 	An exclamation sign in the first position of the whole
> pattern inverses the result of the search.
> 
> 
> EXAMPLE
> -------
> 
> alexis(alexis).wildwind,ann,anton.300 @,"eddy.ww.net","sunset.ww.net" :* {
> 	root.wheel:+PATH,+USER="shut":/sbin/reboot,/sbin/halt,/sbin/fastboot;
> 	bin.bin::/usr/bin/install;
> 	uucp::/usr/libexec/uucp/uuxqt;
> }
> 
> The permission above says that user ``alexis'' with login name ``alexis''
> and group id ``wildwind'', user ``ann'' with any login name and any group
> id, and user ``anton'' with any login name and group id equal to ``300''
> from local host and from hosts ``eddy.ww.net'' and ``sunset.ww.net''
> being logged in on any (``*'') terminal line can execute:
> 
> 	a) as user ``root'', group ``wheel'' /sbin/reboot, /sbin/halt ...
> 	b) as user ``bin'', group ``bin'' with their environment not
> 	   modified (that trailing plus sign) /usr/bin/install
> 	c) as user ``uucp'', group equal to the login group of ``uucp''
> 	   /usr/libexec/uucp/uuxqt
> 
> 	The first line (a) lets a user keep his/her PATH environmental
> variable and sets USER variable to "shut" value.
> 
> 
> -- 
> 	If a camel flies, no one laughs if it doesn't get very far.
> 
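
The left-to-right flag processing described under FLAGS in the quoted message, as an added C example (not code from the post or from doas itself). `struct env`, `build_env`, `env_get` and the sample caller environment are hypothetical and constructed for illustration; the "standard minimal" fallback environment is left out because the post does not list its contents, and `+USER=shut` assumes the configuration parser has already stripped the double quotes.

```c
#include <stdio.h>
#include <string.h>
#define MAXENV 64
struct env { const char *v[MAXENV]; int n; };  /* "NAME=VALUE" strings (hypothetical type) */
static int env_find(const struct env *e, const char *name, size_t len) {
    for (int i = 0; i < e->n; i++)
        if (strncmp(e->v[i], name, len) == 0 && e->v[i][len] == '=') return i;
    return -1;
}
const char *env_get(const struct env *e, const char *name) {
    int i = env_find(e, name, strlen(name));
    return i >= 0 ? strchr(e->v[i], '=') + 1 : NULL;
}

/* Add "NAME=VALUE"; an existing NAME is replaced only when overwrite is set. */
static void env_put(struct env *e, const char *entry, int overwrite) {
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry) return;         /* malformed entry: ignore */
    int i = env_find(e, entry, (size_t)(eq - entry));
    if (i >= 0) { if (overwrite) e->v[i] = entry; }
    else if (e->n < MAXENV - 1) e->v[e->n++] = entry;
}

/* Start from an empty target and apply the flags left to right. */
void build_env(struct env *t, const char *const *flags, int nflags, const struct env *caller) {
    t->n = 0;
    for (int f = 0, i; f < nflags; f++) {
        const char *name = flags[f] + 1;
        if (flags[f][0] == '-') {                  /* -NAME: remove from target */
            if ((i = env_find(t, name, strlen(name))) >= 0) t->v[i] = t->v[--t->n];
        } else if (flags[f][0] != '+') {           /* not a flag: ignore */
        } else if (*name == '\0') {                /* +: copy all, keep existing */
            for (i = 0; i < caller->n; i++) env_put(t, caller->v[i], 0);
        } else if (strchr(name, '=') != NULL) {    /* +NAME=VALUE: overwrite */
            env_put(t, name, 1);
        } else if ((i = env_find(caller, name, strlen(name))) >= 0) {
            env_put(t, caller->v[i], 0);           /* +NAME: copy that one */
        }
    }
    t->v[t->n] = NULL;                             /* execve(2)-style terminator */
}

int main(void) {   /* constructed caller environment; flags of rule (a) in the post */
    struct env t, caller = {{"PATH=/home/alexis/bin:/bin", "USER=alexis", "LD_LIBRARY_PATH=/tmp/lib"}, 3};
    const char *flags[] = {"+PATH", "+USER=shut"};
    build_env(&t, flags, 2, &caller);
    for (int i = 0; i < t.n; i++) puts(t.v[i]);
    return 0;
}
```

Because the target starts empty, a variable the rule does not name (here `LD_LIBRARY_PATH`) never reaches the privileged child unless a bare `+` is used, and flag order decides whether `+` or `+NAME=VALUE` wins.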


