Subject: permission control tool
To: freebsd-hackers@freebsd.org
Date: Wed, 14 Aug 1996 17:22:18 +0400 (MSD)
From: Alexis Yushin
Reply-To: alexis@ww.net (Alexis Yushin)
Message-Id: <199608141322.RAA13746@dawn.ww.net>

Midday,

The software is written, but releasing it as is would be kind of like releasing a trojan horse for many regular users. I am looking for your comments and opinions about this kind of software and how we could modify it to make permission control easier while keeping the security level sufficient.

Thanks,
alexis

------------------------------------------------------------------------

DOAS Utility

LYRIC
-----

First I wanted it as sophisticated as possible. I wrote tons of yacc grammar for every situation. Then I realized that I never need anything except the real user id and real group id, and in the rarest cases the login name. Well, except for the remote host and line, of course. So I have erased much of the code in order to make it lighter and simpler. The grammar now includes no keywords. I think it is for the good. I realized that with the current grammar I have very doubtful need for aliases, so I removed them from the sources too. In fact in my TODO there is an item to rewrite the parser in pure C code. Mail me if you want anything from the list above back :-)

OVERVIEW
--------

``doas'' stands for ``do as'' -- that is, do something as somebody. In other words, the program lets you execute permitted commands with permitted user and group IDs.

USAGE
-----

doas user[.group] command

Is there anything else to tell about it?

CONFIGURATION
-------------

The configuration file is a set of permissions and usually resides in /etc under the name ``permissions''.

# This is a single line comment. Every comment starts with the '#' sign.

Every permission is specified as follows:

username1 [(login1)] [.group1] [,username2 ...] [@host1 [,host2 ...]] [:line1 [,line2 ...]]
{
    username[.group] [,username ...] : [ flag [, flag ] ] : [command path] [,command ...] ;
    username[.group] [,username ...] : [ flag [, flag ] ] : [command path] [,command ...] ;
}

If no ``(login)'' is specified, the login name check is disabled. When no ``.group'' is specified, the group id is assumed to be the default login group of the user specified. An empty host name after the '@' sign stands for the local host only. An empty line, as well as a missing ':', stands for any line.

Every string or word which does not match [*?\[\]!/A-Za-z0-9]* needs to be enclosed in double quotes. Basically these are host names, which may contain dots. Everything except login names and numbers (IDs) is treated as a shell file pattern. A backslash disables the special meaning (if any) of the following character. Commands should be given as absolute pathnames, possibly with shell patterns.

FLAGS
-----

Currently flags control environment passing into the child process. Initially there is no environment at all, and if none is made with flags, a standard minimal one is supplied. Processed from left to right, the flags do:

+            (Plus sign by itself) Copies (not overwriting) the entire preserved environment to the target process
+NAME        The same as just plus, but only copies the variable whose NAME is given
+NAME=VALUE  Overwrites variable NAME with VALUE
-NAME        Removes variable NAME from the target environment vector.

PATTERNS
--------

Patterns used in doas are sh(1)-like. The metacharacters are:

'*' -- matches any arbitrary string
'?' -- matches any single character
'[' -- introduces and matches a class of characters up to the subsequent ']' character, or matches a single '[' if there is no ']' following. An exclamation sign in the first position of the class complements the whole class. A minus sign not in the first or the last position of the class introduces an interval of characters.

An exclamation sign in the first position of the whole pattern inverts the result of the match.

EXAMPLE
-------

alexis(alexis).wildwind,ann,anton.300 @,"eddy.ww.net","sunset.ww.net" :*
{
    root.wheel:+PATH,+USER="shut":/sbin/reboot,/sbin/halt,/sbin/fastboot;
    bin.bin::/usr/bin/install;
    uucp::/usr/libexec/uucp/uuxqt;
}

The permission above says that user ``alexis'' with login name ``alexis'' and group id ``wildwind'', user ``ann'' with any login name and any group id, and user ``anton'' with any login name and group id equal to ``300'', from the local host and from the hosts ``eddy.ww.net'' and ``sunset.ww.net'', logged in on any (``*'') terminal line, can execute:

a) as user ``root'', group ``wheel'': /sbin/reboot, /sbin/halt ...
b) as user ``bin'', group ``bin'', with their environment not modified (that trailing plus sign): /usr/bin/install
c) as user ``uucp'', group equal to the login group of ``uucp'': /usr/libexec/uucp/uuxqt

The first line (a) lets a user keep his/her PATH environment variable and sets the USER variable to the value "shut".
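The left-to-right flag processing of the FLAGS section, worked through in C as an added example (not code from the doas sources). The preserved environment is a constructed sample, the flags arrive as a NULL-terminated list that the config parser is assumed to have produced (quotes already stripped), and the minimal default used when no flag produces anything is an assumption, since the page does not say what doas supplies.

```c
#include <string.h>
#define MAXENV 64
static const char *target[MAXENV + 1];   /* NAME=VALUE entries, NULL-terminated */
static int ntarget;
/* Constructed sample of the invoking user's environment (not real data). */
const char *const sample_preserved[] =
    { "PATH=/usr/local/bin:/bin", "USER=alexis", "HOME=/home/alexis", NULL };

/* Index of the entry whose NAME (text before '=') is name[0..len), or -1. */
static int find_var(const char *const env[], const char *name, size_t len)
{
    for (int i = 0; env[i]; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=') return i;
    return -1;
}
/* mode 0: add "NAME=VALUE" unless NAME exists; 1: add or overwrite; -1: remove NAME */
static void edit_var(const char *entry, int mode)
{
    int i = find_var(target, entry, strcspn(entry, "="));
    if (mode < 0) { if (i >= 0) target[i] = target[--ntarget], target[ntarget] = NULL; }
    else if (i >= 0) { if (mode) target[i] = entry; }
    else if (ntarget < MAXENV) { target[ntarget++] = entry; target[ntarget] = NULL; }
}
/* One flag, as the FLAGS section describes: "+", "+NAME", "+NAME=VALUE", "-NAME". */
static void apply_flag(const char *flag, const char *const preserved[])
{
    const char *name = flag + 1;
    size_t len = strcspn(name, "=");
    int i;
    if (flag[0] == '-')                                   /* -NAME: remove it */
        edit_var(name, -1);
    else if (flag[0] != '+')                              /* not a flag: ignore */
        return;
    else if (name[len] == '=')                            /* +NAME=VALUE: overwrite */
        edit_var(name, 1);
    else if (*name == '\0')                               /* +: copy all, keep existing */
        for (i = 0; preserved[i]; i++) edit_var(preserved[i], 0);
    else if ((i = find_var(preserved, name, len)) >= 0)   /* +NAME: copy just that one */
        edit_var(preserved[i], 0);
}
/* Flags left to right from an empty vector; if nothing was produced, a minimal
 * default is supplied (the page does not say what doas uses; this one is assumed). */
const char **build_env(const char *const flags[], const char *const preserved[])
{
    ntarget = 0; target[0] = NULL;
    for (int i = 0; flags[i]; i++) apply_flag(flags[i], preserved);
    if (ntarget == 0) edit_var("PATH=/bin:/usr/bin", 1);  /* assumed default */
    return target;
}
```

The returned vector is in the shape execve(2) expects for its envp argument; with the example's "+PATH,+USER=shut" only PATH is carried over and USER is forced to "shut", everything else (HOME here) is dropped.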
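The pattern rules of the PATTERNS section, worked through in C as an added example (not code from the doas sources): a leading '!' inverts the whole result, a class may be complemented with '!' and may contain 'a-z' intervals, a '[' with no closing ']' is an ordinary character, and a backslash quotes the character after it.

```c
#include <stdbool.h>
/* Class at pat[0] == '[': 1 = c matches, 0 = no match, -1 = no closing ']', so
 * the '[' is an ordinary character.  On 1 or 0, *end points just past the ']'. */
static int match_class(const char *pat, char c, const char **end)
{
    const char *p = pat + 1;
    bool negate = (*p == '!'), found = false;   /* leading '!' complements */
    for (p += negate; *p != ']'; p++) {
        if (*p == '\0') return -1;
        if (p[1] == '-' && p[2] != ']' && p[2] != '\0') {  /* "lo-hi" interval */
            found |= (c >= p[0] && c <= p[2]);
            p += 2;
        } else
            found |= (c == p[0]);
    }
    *end = p + 1;
    return found != negate;
}
/* Match s against pat, interpreting '*', '?', '[...]' and '\' as described above. */
static bool match_tail(const char *pat, const char *s)
{
    const char *end;
    for (;;) switch (*pat) {
    case '\0': return *s == '\0';
    case '*':                            /* try every split point for the star */
        while (*pat == '*') pat++;
        for (; *s != '\0'; s++)
            if (match_tail(pat, s)) return true;
        return match_tail(pat, s);
    case '?':
        if (*s == '\0') return false;
        pat++; s++; break;
    case '[': {
        int r = (*s == '\0') ? 0 : match_class(pat, *s, &end);
        if (r == 0) return false;
        if (r == 1) { pat = end; s++; break; }
    }   /* fall through - r == -1: no closing ']', so '[' is matched literally */
    default:
        if (*pat == '\\' && pat[1] != '\0') pat++;  /* backslash quotes next char */
        if (*pat != *s) return false;
        pat++; s++;
    }
}

/* Entry point: a '!' in the first position inverts the whole result. */
bool doas_match(const char *pat, const char *s)
{
    bool invert = (*pat == '!');
    return match_tail(pat + invert, s) != invert;
}
```

Because commands are matched as absolute pathnames, a permission like "/sbin/*" admits anything placed under that directory, which is why the README insists on absolute paths and why a tight pattern matters more than a long command list.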
--
If a camel flies, no one laughs if it doesn't get very far.