Date: Wed, 14 Aug 1996 18:39:41 +0300 (EET DST)
From: Narvi <narvi@haldjas.folklore.ee>
To: Alexis Yushin <alexis@ww.net>
Cc: freebsd-hackers@freebsd.org
Subject: Re: permission control tool
Message-ID: <Pine.BSF.3.91.960814183745.24575B-100000@haldjas.folklore.ee>
In-Reply-To: <199608141322.RAA13746@dawn.ww.net>

It seems fine. Also check out a tool called osh. It is a setuid shell
which allows it to be specified who may execute which commands. One place
it is available from is ftp.sunet.se under /pub/security.

	Sander

On Wed, 14 Aug 1996, Alexis Yushin wrote:

> Midday,
>
> The software is written but releasing it as is would be kind of
> releasing of a trojan horse for many regular users. I am looking for
> your comments and opinions about this kind of software and how we would
> modify it to easy permissions control keeping security level sufficient.
> Thanks,
> alexis
>
> ------------------------------------------------------------------------
> DOAS Utility
>
> LYRIC
> -----
>
> First I wanted it as sophisticated as possible. I wrote
> tons of yacc grammar for every situation. Then I realized that I
> never need anything except real user id and real group id, and in
> the most rare cases login name. Well, except of remote host and
> line, of course. So I have erased much of the code in order to make
> it lighter and more simple. The grammar now includes no keywords.
> I think it is for good. I realized that with the current grammar
> I have very doubtful need in aliases so I removed them from the
> sources too. In fact in my TODO there is an item to rewrite the
> parser in pure C code. Mail me if you want anything from the list
> above back :-)
>
> OVERVIEW
> --------
> ``doas'' stands for ``do as'' -- that is do something as
> somebody. In other words the program lets you execute permitted
> commands with permitted user and group IDs.
>
> USAGE
> -----
>     doas user[.group] command
>
> Is there anything else to tell about it?
>
> CONFIGURATION
> -------------
>
> The configuration file is a set of permissions and usually
> resides in /etc called permissions.
>
> # This is a single line comment. Every comment starts with '#' sign.
>
> Every permission is specified as follows:
>
> username1 [(login1)] [.group1] [,username2 ...] [@host1 [,host2 ...]]
>         [:line1 [,line2 ...]] {
>
>     username[.group] [,username ...] : [ flag [, flag ] :
>         [command path][,command ...] ;
>     username[.group] [,username ...] : [ flag [, flag ] :
>         [command path] [,command ...] ;
> }
>
> If no ``(login)'' specified the loginname check is disabled.
> When no ``.group'' specified the group id is assumed to be the
> default login group of the user specified.
>
> Empty hostname when '@' sign is there stands for only the
> local host.
>
> Empty line as well as ':' absence stands for any line.
>
> Every string or word which is not [*?\[\]!/A-Za-z0-9]* needs
> to be enclosed into double quotes. Basically these are host names
> which could contain dots.
>
> Everything except of login names and numbers (IDs) is
> treated as a shell file patterns.
>
> Backslash disables the special meaning (if any) of the
> following character.
>
> Commands should be given as absolute pathnames with
> possible shell patterns.
>
> FLAGS
> -----
> Currently flags control environment passing into child
> process. Initially there is no environment at all and if none is
> made with flags a standard minimal one supplied. Being processed
> from left to right the flags do:
>
>     +             (Plus sign by itself) Copies (not overwriting)
>                   entire preserved environment to the target
>                   process
>
>     +NAME         The same as just plus but only copies
>                   variable which NAME is given
>
>     +NAME=VALUE   Overwrites variable NAME with VALUE
>
>     -NAME         Removes variable NAME from target environment
>                   vector.
>
> PATTERNS
> --------
> Patterns used in doas are sh(1) like. The metacharacters
> are:
>
>     '*' -- matches any arbitrary string
>     '?' -- matches any single character
>     '[' -- introduces and matches a class of characters until the
>            subsequent ']' character or single '[' if there is
>            no ']' following. An exclamation sign in the first
>            position of the class complements the whole class.
>            A minus sign not in the first or the last position
>            of the class introduces an interval of characters.
>
> An exclamation sign in the first position of the whole
> pattern inverses the result of the search.
>
>
> EXAMPLE
> -------
>
> alexis(alexis).wildwind,ann,anton.300 @,"eddy.ww.net","sunset.ww.net" :* {
>     root.wheel:+PATH,+USER="shut":/sbin/reboot,/sbin/halt,/sbin/fastboot;
>     bin.bin::/usr/bin/install;
>     uucp::/usr/libexec/uucp/uuxqt;
> }
>
> The permission above says that user ``alexis'' with login name ``alexis''
> and group id ``wildwind'', user ``ann'' with any login name and any group
> id, and user ``anton'' with any login name and group id equal to ``300''
> from local host and from hosts ``eddy.ww.net'' and ``sunset.ww.net''
> being logged in on any (``*'') terminal line can execute:
>
>     a) as user ``root'', group ``wheel'' /sbin/reboot, /sbin/halt ...
>     b) as user ``bin'', group ``bin'' with their environment not
>        modified (that trailing plus sign) /usr/bin/install
>     c) as user ``uucp'', group equal to the login group of ``uucp''
>        /usr/libexec/uucp/uuxqt
>
> The first line (a) lets a user keep his/her PATH environmental
> variable and sets USER variable to "shut" value.
>
>
> --
> If a camel flies, no one laughs if it doesn't get very far.
>
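
The left-to-right flag processing described under FLAGS in the quoted message, as an added Python example (not code from doas or from either poster). The name `build_env`, the contents of the minimal environment, the reading of "if none is made with flags" as an empty flag list, and the sample caller environment are assumptions.

```python
# Added illustration of the FLAGS rules quoted above; not doas source code.

# Assumption: the message does not list the "standard minimal" environment,
# so this value is a constructed placeholder.
MINIMAL_ENV = {"PATH": "/bin:/usr/bin"}

# Constructed caller environment, saved before the target one is built.
CALLER_ENV = {
    "PATH": "/home/alexis/bin:/bin",
    "USER": "alexis",
    "TERM": "vt100",
    "LD_LIBRARY_PATH": "/tmp/lib",
}


def build_env(flags, preserved, minimal=MINIMAL_ENV):
    """Return the child environment for one permission entry's flag list."""
    # Assumption: "if none is made with flags" means the flag list is empty.
    if not flags:
        return dict(minimal)
    env = {}  # "Initially there is no environment at all"
    for flag in flags:  # flags are processed from left to right
        op, body = flag[:1], flag[1:]
        name, eq, value = body.partition("=")
        if op == "+" and not body:
            # '+': copy the whole preserved environment without overwriting
            for key, val in preserved.items():
                env.setdefault(key, val)
        elif op == "+" and eq and name:
            # '+NAME=VALUE': overwrite NAME unconditionally
            env[name] = value
        elif op == "+" and not eq:
            # '+NAME': same non-overwriting copy, for one variable only
            if name in preserved:
                env.setdefault(name, preserved[name])
        elif op == "-" and name and not eq:
            # '-NAME': drop NAME from the target environment
            env.pop(name, None)
        else:
            raise ValueError(f"unrecognised flag: {flag!r}")
    return env


if __name__ == "__main__":
    # Flags of the root.wheel entry in the EXAMPLE section, quotes removed.
    print(build_env(["+PATH", "+USER=shut"], CALLER_ENV))
    # Order matters: a later bare '+' does not replace the USER set earlier.
    print(build_env(["+USER=shut", "+", "-LD_LIBRARY_PATH"], CALLER_ENV))
```

With the root.wheel flags only PATH and USER reach the privileged command; TERM and LD_LIBRARY_PATH from the caller are never copied because no flag names them.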