Lightweight sudo-like program for Linux written in Rust
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Albert S. bb8de3b6c7 also set dumpable to 0, minor improvements 10 months ago
src also set dumpable to 0, minor improvements 10 months ago
Cargo.lock also set dumpable to 0, minor improvements 10 months ago
Cargo.toml initial commit 1 year ago improved README format 10 months ago initial commit 1 year ago


raou is a lightweight sudo-like tool for Linux. It allows a user to execute programs as another user without entering the password. However, the programs (including the parameters) a user can run are explicitly specified by the administrator.

Originally written in C, it’s now reimplemented in Rust.

By default, raou looks in /etc/raou.d/ for config files. If you run “raou backup”, it will look for /etc/raou.d/backup.

Example config file:

user john
target_user root
path /usr/local/bin/

user is the name of the user who you want to give permissions to execute path as the target_user.

path must contain the absolute path.

Optional fields

args: If you want to leave out optional arguments (argv) to path, simply don’t include this. Otherwise, simply specify them

args -v -ltr 

allow_args: Allow arbitrary arguments, so:

raou backup /path

Will launch “path” as specified in the file for the backup entry with “/path” as argv[1] instead of the argument specified with “args” in the config file.

no_new_privs: Defaults to 1. Processes launched with this option active won’t be able to gain more privileges, even when they call setuid programs.

env_vars: A comma-separated list of environment variables to inherit from the current environment. Everything else will be wiped (but others like HOME, SHELL etc. will be appropriately set).

argv0: Set this option if you want to provide your own value as “argv0” The default is the name of the launched binary (not the whole path).