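Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site bbncc5.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!panda!talcott!harvard!bbnccv!bbncc5!cspencer
From: cspen...@bbncc5.UUCP (Clifford Spencer)
Newsgroups: net.sources
Subject: Re: An alternative to `asroot'
Message-ID: <328@bbncc5.UUCP>
Date: Mon, 9-Dec-85 16:39:21 EST
Article-I.D.: bbncc5.328
Posted: Mon Dec 9 16:39:21 1985
Date-Received: Wed, 11-Dec-85 03:24:32 EST
References: <2821@watvlsi.UUCP> <3702@cbrma.UUCP>
Distribution: net
Organization: Bolt Beranek and Newman, Cambridge, MA
Lines: 233

> >momentarily give a process root permissions.
> Here's an alternative to `asroot.' This is a small program which does

Okay I'll bite, here's my `sudo' program that tries to maintain some control
over who runs it.
	% sudo command
runs that command as root.bin

# This is a shell archive. Remove anything before this line, then
# unpack it by saving it in a file and typing "sh file". (Files
# unpacked will be owned by you and have default permissions.)
#
# This archive contains:
# sudo.c Makefile sudo.8

echo x - sudo.c
sed -e 's/^X//' > "sudo.c" << '//E*O*F sudo.c//'
X#ifndef lint
Xstatic char rcsid[]="$Header: sudo.c,v 1.3 85/11/09 16:07:18 cspencer Exp $";
X#endif lint
X/*
X * sudo - run a command as su.
X * to compile:
X *	cc -O sudo.c -o sudo; /etc/chown root sudo; chmod u+s sudo
X */
X/*
X * NOTE(review): the header names on the five #include lines were lost when
X * this article was archived.  The first four below are the ones the original
X * code needs (stdio, stat, passwd); the fifth original header is not
X * recoverable from this copy.  <ctype.h> is new, for isspace() in getword().
X */
X#include <stdio.h>
X#include <sys/types.h>
X#include <sys/stat.h>
X#include <pwd.h>
X#include <ctype.h>
X
Xchar *userfile = "/usr/adm/sudo.users";
X/* define LOGFILE to log all commands run as sudo - some find this offensive */
X#define LOGFILE "/usr/adm/sudo.log"
X
Xchar *progname;
X
X/*
X * Run argv[1..] with uid 0 and gid 3, provided the invoking user's login
X * name is listed in userfile.  The program is meant to be installed setuid
X * root (see the compile note above), so setuid(0)/setgid(3) are expected to
X * succeed; if they do not, the program exits without running anything.
X */
Xmain(argc, argv)
Xint argc;
Xchar *argv[];
X{
X	char *checkname();
X	char *username;
X	int uid;
X
X	progname = argv[0];
X
X	if(argc < 2) {
X		fprintf(stderr, "usage: %s cmd\n", progname);
X		exit(-1);
X	}
X
X	/* remember who this user really is */
X	uid = getuid();
X
X	if((setuid(0)) < 0)
X		eperror("setuid");
X
X	if((setgid(3)) < 0)
X		eperror("setgid");
X
X	/* nothing is logged or executed unless the real user is listed */
X	if (( username = checkname(uid)) == NULL)
X		exit(1);
X	argv++, argc--;
X#ifdef LOGFILE
X	log(username, argc, argv);
X#endif LOGFILE
X	/*
X	 * NOTE(review): execvp() resolves the command through the caller's
X	 * PATH and the caller's environment is passed on unchanged, so the
X	 * name recorded in the log is not necessarily the file that runs.
X	 */
X	execvp(*argv, argv);
X	/* only reached when the exec failed */
X	eperror(*argv);
X}
X
X/*
X * read the next whitespace-delimited word of fp into buf, storing at most
X * size-1 characters plus a terminating NUL.  A word that does not fit is
X * still consumed in full, so its tail is never read back as a separate
X * word.  The delimiter after the word is left unread.
X * returns 0 at end of file, 1 for a word that fit, 2 for a truncated word.
X */
Xstatic int
Xgetword(fp, buf, size)
Xregister FILE *fp;
Xchar *buf;
Xint size;
X{
X	register int c;
X	register int n = 0;
X	int toolong = 0;
X
X	while ((c = getc(fp)) != EOF && isspace(c))
X		;
X	if (c == EOF)
X		return 0;
X	do {
X		if (n < size - 1)
X			buf[n++] = c;
X		else
X			toolong = 1;
X	} while ((c = getc(fp)) != EOF && !isspace(c));
X	buf[n] = '\0';
X	if (c != EOF)
X		ungetc(c, fp);
X	return toolong ? 2 : 1;
X}
X
X/*
X * look for a user in USERFILE - check perms and modes of USERFILE
X *
X * returns 1 if name appears in userfile as a complete word, 0 if not.
X * exits if userfile cannot be opened or examined, is not owned by uid 0,
X * or is writable by group or other.
X *
X * The comparison is an exact match.  The earlier strncmp(buf, name,
X * strlen(name)) only compared the first strlen(name) characters, so a user
X * whose login name was a prefix of any listed name was accepted as well.
X */
Xlookup(name)
Xchar *name;
X{
X	register FILE *fp;
X	register int c;
X	char buf[BUFSIZ];
X	struct stat statb;
X	int got;
X	int found = 0;
X
X	if ((fp = fopen(userfile,"r")) == 0 )
X		eperror(userfile);
X
X	/*
X	 * fstat the descriptor that was opened rather than stat()ing the
X	 * path first, so the owner/mode checks apply to the file whose
X	 * contents are read below.
X	 */
X	if (fstat(fileno(fp), &statb))
X		eperror(userfile);
X
X	if (statb.st_uid != 0)
X		errexit("%s must be owned by root\n", userfile);
X
X	if (statb.st_mode & 022)	/* should be og-w */
X		errexit("bad modes on %s\n", userfile);
X
X	/* bounded reads: a long word can no longer run past the end of buf */
X	while (!found && (got = getword(fp, buf, sizeof buf)) != 0)
X		if(buf[0] == '#') {	/* munch comments */
X			while ((c = getc(fp)) != EOF && c != '\n')
X				;
X		} else if(got == 1 && strcmp(buf,name) == 0)
X			found = 1;
X	fclose(fp);
X	return found;
X}
X
X
X/*
X * get this user's name and check if that name list of permitted users
X *
X * returns the login name for uid, or NULL if uid has no passwd entry or
X * the name is not in userfile (in which case "nope" is printed).  The
X * returned pointer is the pw_name field of the entry getpwuid() returned.
X */
Xchar *
Xcheckname(uid)
Xregister int uid;
X{
X	struct passwd *pw;
X
X	if ((pw = getpwuid(uid)) == NULL)
X		return NULL;
X	if(lookup(pw->pw_name) == 0) {
X		fprintf(stderr,"nope\n");
X		return NULL;
X	}
X	return pw->pw_name;
X}
X
X#ifdef LOGFILE
X/*
X * log this command in the log file
X *
X * appends one record to LOGFILE: the first 20 characters of ctime(),
X * the user name, then each argument followed by a space.  If LOGFILE
X * cannot be opened the program exits, so the command is not run unlogged.
X *
X * NOTE(review): arguments are written verbatim, control characters
X * included; a reader of the log should not assume one line per invocation.
X */
Xlog(username, argc, argv)
Xchar *username;
Xint argc;
Xchar **argv;
X{
X	register FILE *fp;
X	long now;
X	char *ctime();
X
X	time(&now);
X	fp = fopen(LOGFILE,"a");
X	if (fp == NULL)
X		errexit("can't open %s.\n", LOGFILE);
X
X	fprintf (fp, "%20.20s ", ctime(&now));
X
X	fprintf (fp,"%s: ",username);
X	while (argc--)
X		fprintf (fp,"%s ",*argv++);
X	fprintf (fp,"\n");
X	fclose (fp);
X	return 0;
X}
X#endif LOGFILE
X
X/*
X * print "progname: " followed by perror(s) on stderr, then exit.
X */
Xeperror(s)
Xregister char *s;
X{
X	fprintf(stderr,"%s: ",progname);
X	perror(s);
X	exit(-1);
X}
X
X/*
X * print "progname: " followed by a message built from fmt and one string
X * argument on stderr, then exit.  fmt is used as a printf format; every
X * caller in this file passes a literal.
X */
Xerrexit(fmt, arg)
Xregister char *fmt, *arg;
X{
X	fprintf(stderr,"%s: ", progname);
X	fprintf(stderr, fmt, arg);
X	exit(-1);
X}
//E*O*F sudo.c//

echo x - Makefile
sed -e 's/^X//' > "Makefile" << '//E*O*F Makefile//'
XCFLAGS=-O
XLIBES=
XDESTDIR=/u1/cspencer
XINSTALL=/usr/bin/install
X
Xall: sudo
X
Xinstall all.install: sudo.install
X
Xsudo.install: sudo
X	${INSTALL} -m 4755 -o root sudo ${DESTDIR}
X
Xsudo: sudo.o
X	cc ${CFLAGS} sudo.o -o sudo ${LIBES}
Xclean:
X	-rm -f sudo.o make.out sudo
//E*O*F Makefile//

echo x - sudo.8
sed -e 's/^X//' > "sudo.8" << '//E*O*F sudo.8//'
X.TH SUDO 8
X.SH NAME
Xsudo \- do a super thing
X.SH SYNOPSIS
X.B sudo
Xcommand
X.SH DESCRIPTION
X.I Sudo
Xallows a permitted user to execute a command as root.
X.I Sudo
Xdetermines who is an authorized user by consulting the file
X.I sudo.users.
XIf a match is found
X.I command
Xis executed with uid 0 and gid 3.
XLines in
X.I sudo.users
Xbeginning with a
X.I '#'
Xare considered comments and are ignored.
X.SH DIAGNOSTICS
X.I Sudo
Xwill complain and exit if
X.I sudo.users
Xis not owned by root or if it is writeable by anyone other than root.
X.SH BUGS
XShell builtins such as
X.I 'cd'
Xwill fail.
X.SH FILES
X.nf
X/usr/adm/sudo.users list of authorized users
X.br
X/usr/adm/sudo.log record of all invocations of sudo
X.fi
X.SH SEE ALSO
Xsu(1)
//E*O*F sudo.8//

exit 0
--
cliff spencer
{harvard, ihnp4, decvax}!bbnccv!cspencer
cspen...@bbncc5.arpa
.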