raou/README.md

raou
====
raou is a lightweight sudo-like tool for Linux. It allows a user to 
execute programs as another user without entering the password. However,
the programs (including the parameters) a user can run are explicitly
specified by the administrator.

Originally written in C, it's now reimplemented in Rust.

### When to use raou (over sudo) 
Generally, it's not a replacement for sudo. The primary use case of raou is a situation in which you would want to allow a user to run a privileged operation as root without entering passwords. You may not want to use sudo for that, particularly if you don't have it installed already. Some further arguments for raou:
   
   - Simpler config
   - Less complexity, less attack surface
   - Writte in a memory-safe language

### Config
By default, raou looks in  ```/etc/raou.d/``` for config files. If you run
"raou backup", it will look for ```/etc/raou.d/backup```.
Example config file:
```
user john
target_user root
path /usr/local/bin/script.sh
```

**user** is the name of the user who you want to give permissions to 
execute **path** as the **target_user**.  

**path** must contain the absolute path of the to be executed command. 

#### Optional fields

**args** (string): If you want to leave out optional arguments (argv) to *path*, 
simply don't  include this. Otherwise, specify them here.
```
...
args -v -ltr 
```
**allow_args** (1 or 0, default 0): Allow arbitrary arguments, so:
```
raou backup /path
```

Will execute the command specified in **path** of the  ```backup``` entry with "/path" as argv[1] instead of the argument specified with "args" in the config file.

**no_new_privs** (1 or 0, default 1): Processes launched with this option active
won't be able to gain more privileges, even when they call setuid programs. This can break some programs.

**env_vars** (string): A comma-separated list of environment variables to inherit
from the current environment. Everything else will be wiped (but others
like HOME, SHELL etc. will be appropriately set). 

**argv0** (string): Set this option if you want to provide your own value as "argv0"
The default is the name of the launched binary (not the whole path).
added README 2018-10-05 19:09:23 +02:00			`raou`
			`====`
			`raou is a lightweight sudo-like tool for Linux. It allows a user to`
			`execute programs as another user without entering the password. However,`
			`the programs (including the parameters) a user can run are explicitly`
			`specified by the administrator.`

			`Originally written in C, it's now reimplemented in Rust.`

Update README: When to use raou, clarifications 2020-09-26 19:13:48 +02:00			`### When to use raou (over sudo)`
			`Generally, it's not a replacement for sudo. The primary use case of raou is a situation in which you would want to allow a user to run a privileged operation as root without entering passwords. You may not want to use sudo for that, particularly if you don't have it installed already. Some further arguments for raou:`

			`- Simpler config`
			`- Less complexity, less attack surface`
			`- Writte in a memory-safe language`

			`### Config`
			By default, raou looks in ```/etc/raou.d/``` for config files. If you run
			"raou backup", it will look for ```/etc/raou.d/backup```.
added README 2018-10-05 19:09:23 +02:00			`Example config file:`
improved README format 2019-08-11 12:18:15 +02:00			```
added README 2018-10-05 19:09:23 +02:00			`user john`
			`target_user root`
			`path /usr/local/bin/script.sh`
improved README format 2019-08-11 12:18:15 +02:00			```
added README 2018-10-05 19:09:23 +02:00
improved README format 2019-08-11 12:18:15 +02:00			`user is the name of the user who you want to give permissions to`
			`execute path as the target_user.`
added README 2018-10-05 19:09:23 +02:00
Update README: When to use raou, clarifications 2020-09-26 19:13:48 +02:00			`path must contain the absolute path of the to be executed command.`

			`#### Optional fields`
added README 2018-10-05 19:09:23 +02:00
Update README: When to use raou, clarifications 2020-09-26 19:13:48 +02:00			`args (string): If you want to leave out optional arguments (argv) to path,`
			`simply don't include this. Otherwise, specify them here.`
improved README format 2019-08-11 12:18:15 +02:00			```
			`...`
added README 2018-10-05 19:09:23 +02:00			`args -v -ltr`
improved README format 2019-08-11 12:18:15 +02:00			```
Update README: When to use raou, clarifications 2020-09-26 19:13:48 +02:00			`allow_args (1 or 0, default 0): Allow arbitrary arguments, so:`
improved README format 2019-08-11 12:18:15 +02:00			```
added README 2018-10-05 19:09:23 +02:00			`raou backup /path`
improved README format 2019-08-11 12:18:15 +02:00			```
added README 2018-10-05 19:09:23 +02:00
Update README: When to use raou, clarifications 2020-09-26 19:13:48 +02:00			Will execute the command specified in path of the ```backup``` entry with "/path" as argv[1] instead of the argument specified with "args" in the config file.
added README 2018-10-05 19:09:23 +02:00
Update README: When to use raou, clarifications 2020-09-26 19:13:48 +02:00			`no_new_privs (1 or 0, default 1): Processes launched with this option active`
			`won't be able to gain more privileges, even when they call setuid programs. This can break some programs.`
added README 2018-10-05 19:09:23 +02:00
Update README: When to use raou, clarifications 2020-09-26 19:13:48 +02:00			`env_vars (string): A comma-separated list of environment variables to inherit`
added README 2018-10-05 19:09:23 +02:00			`from the current environment. Everything else will be wiped (but others`
			`like HOME, SHELL etc. will be appropriately set).`

Update README: When to use raou, clarifications 2020-09-26 19:13:48 +02:00			`argv0 (string): Set this option if you want to provide your own value as "argv0"`
added README 2018-10-05 19:09:23 +02:00			`The default is the name of the launched binary (not the whole path).`