sud0 - minimalistic sudo for automation

Sud0 is a tiny implementation of a subset of functionality sudo offers: it can run predefined command lines for specific users, switching to another user (including root), as configured.

Downloads and contact

• Version control: svn://svn.repo.hu/sud0
• There are stable release tarballs available
• contact the maintainer
• License: GPL2+
• Example config (also the config syntax doc)
• Compile time configuration

What sud0 is

sud0 is a minimalistic implementation of a subset of sudo functionality:

• it should be setuid root
• it reads a config file
• it compares command line arguments to see if the config file permits running the given command line
• if that test passes, it runs the command line as root (or optionally as the specified user)

Optionally:

• the runtime config file can set condition on permitting specific command lines, for example check source and/or target user
• as a compile time option sud0 can check on a source file/dir for the runtime config and if it's newer than the config file, call the user configured generator to re-generate the config. This is how sud0.d/ can be implemented

What sud0 can not do:

• it never asks for password
• it never looks at the hostname
• it doesn't keep running (it uses execve() to start the target process)

Typical use case

Let specific users temporary switch to other user (including root) to execute specific commands. For example let the user that runs the web server run a privileged printer command with a specific set of parameters (but no other command or no other parameters) to get the printer re-connected or initialized, which is useful for a web based printing service.

Why use it instead of sudo

• it's much smaller
• the config file has a simpler syntax
• smaller CPU/memory footprint
• easier to port to exotic UNIX based systems