sud0
sud0 - minimalistic sudo for automation
Sud0 is a tiny implementation of a subset of functionality sudo offers:
it can run predefined command lines for specific users, switching to another user (including root), as configured.
What sud0 is
sud0 is a minimalistic implementation of a subset of sudo functionality:
- it should be setuid root
- it reads a config file
- it compares command line arguments to see if the config file permits running
the given command line
- if that test passes, it runs the command line as root (or optionally
as the specified user)
Optionally:
- the runtime config file can set conditions on permitting specific
command lines, for example checking the source and/or target user
- as a compile-time option, sud0 can check a source file/dir for the
runtime config and, if it's newer than the config file, call the
user-configured generator to regenerate the config. This is how sud0.d/
can be implemented
What sud0 cannot do:
- it never asks for a password
- it never looks at the hostname
- it doesn't keep running (it uses execve() to start the target process)
Typical use case
Let specific users temporarily switch to another user (including root) to
execute specific commands. For example, let the user that runs the web
server run a privileged printer command with a specific set of parameters
(but no other command and no other parameters) to get the printer re-connected
or initialized, which is useful for a web-based printing service.
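The check behind this use case, sketched as an added example (not sud0's own code): the caller's command line must equal a permitted one argument for argument before anything is executed. The in-memory rule table stands in for the config file, whose syntax this page does not show; uid 33, the printer-reset path with its parameters, and the fixed environment are constructed assumptions.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* One permitted command line: who may run it, as whom, and the exact argv. */
struct rule {
    uid_t from_uid;                /* real uid of the caller */
    uid_t to_uid;                  /* user the command runs as */
    gid_t to_gid;
    const char *argv[8];           /* NULL-terminated, argv[0] is an absolute path */
};
/* Constructed sample rule (hypothetical command; 33 stands for the web server user). */
static const struct rule rules[] = {
    { 33, 0, 0, { "/usr/local/sbin/printer-reset", "--queue", "office", NULL } },
};

/* Exact match: same argument count, every argument byte-for-byte equal.
   No prefix or wildcard matching, so extra or altered parameters fail. */
static int argv_equal(const char *const *want, char *const *got)
{
    size_t i = 0;
    for (; want[i] != NULL && got[i] != NULL; i++)
        if (strcmp(want[i], got[i]) != 0)
            return 0;
    return want[i] == NULL && got[i] == NULL;
}

/* Return the rule permitting this caller and command line, or NULL. */
const struct rule *find_rule(uid_t caller, char *const *cmd)
{
    if (cmd == NULL || cmd[0] == NULL) return NULL;
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        if (rules[i].from_uid == caller && argv_equal(rules[i].argv, cmd))
            return &rules[i];
    return NULL;
}

int main(int argc, char **argv)
{
    static char *const clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    const struct rule *r = argc > 1 ? find_rule(getuid(), argv + 1) : NULL;
    if (r == NULL) return 1;       /* not permitted: nothing is executed */
    /* Groups first, then user: once setuid() leaves root, setgid() would fail. */
    if (setgroups(0, NULL) != 0 || setgid(r->to_gid) != 0 || setuid(r->to_uid) != 0)
        return 1;
    execve(r->argv[0], argv + 1, clean_env);   /* replaces this process */
    return 1;                      /* reached only if execve() failed */
}
```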
Why use it instead of sudo
- it's much smaller
- the config file has a simpler syntax
- smaller CPU/memory footprint
- easier to port to exotic UNIX based systems