Merge branch 'master' of https://github.com/slicer69/doas
commit
61f9fabcca
11
Makefile
11
Makefile
@ -26,6 +26,10 @@ ifeq ($(UNAME_S),FreeBSD)
CFLAGS+=-DHAVE_LOGIN_CAP_H
LDFLAGS+=-lutil
endif
ifeq ($(UNAME_S),MidnightBSD)
CFLAGS+=-DHAVE_LOGIN_CAP_H
LDFLAGS+=-lutil
endif
ifeq ($(UNAME_S),NetBSD)
CFLAGS+=-DHAVE_LOGIN_CAP_H -D_OPENBSD_SOURCE
OBJECTS=doas.o env.o y.tab.o
@ -47,7 +51,7 @@ ifeq ($(UNAME_S),Darwin)
MANDIR=$(DESTDIR)$(PREFIX)/share/man
endif
FINALS=doas.1.final doas.conf.5.final vidoas.final vidoas.8.final
FINALS=doas.1.final doas.conf.5.final vidoas.final vidoas.8.final
all: $(BIN) $(FINALS)
@ -72,19 +76,24 @@ install: $(BIN) $(FINALS)
chmod 4755 $(DESTDIR)$(PREFIX)/bin/$(BIN)
cp vidoas.final $(DESTDIR)$(PREFIX)/bin/vidoas
chmod 755 $(DESTDIR)$(PREFIX)/bin/vidoas
cp doasedit $(DESTDIR)$(PREFIX)/bin/doasedit
chmod 755 $(DESTDIR)$(PREFIX)/bin/doasedit
mkdir -p $(MANDIR)/man1
cp doas.1.final $(MANDIR)/man1/doas.1
mkdir -p $(MANDIR)/man5
cp doas.conf.5.final $(MANDIR)/man5/doas.conf.5
mkdir -p $(MANDIR)/man8
cp vidoas.8.final $(MANDIR)/man8/vidoas.8
cp doasedit.8 $(MANDIR)/man8/doasedit.8
uninstall:
rm -f $(DESTDIR)$(PREFIX)/bin/doas
rm -f $(DESTDIR)$(PREFIX)/bin/vidoas
rm -f $(DESTDIR)$(PREFIX)/bin/doasedit
rm -f $(MANDIR)/man1/doas.1
rm -f $(MANDIR)/man5/doas.conf.5
rm -f $(MANDIR)/man8/vidoas.8
rm -f $(MANDIR)/man8/doasedit.8
clean:
rm -f $(BIN) $(OBJECTS) y.tab.c
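Review bot: The install rule copies `doasedit.8` into `$(MANDIR)/man8`, but the new page itself declares `.Dt DOASEDIT 1`, so `man doasedit` searches section 1 and will not find it; either install it as `$(MANDIR)/man1/doasedit.1` next to doas.1 or change the page's `.Dt` to section 8, as vidoas.8 does. Unlike the other pages it is also copied raw instead of through a `.final` entry in FINALS, so it skips whatever substitution those receive — confirm that is intended. In the first hunk the new `ifeq ($(UNAME_S),MidnightBSD)` block repeats the FreeBSD block line for line; `ifneq (,$(filter $(UNAME_S),FreeBSD MidnightBSD))` would keep the two from drifting.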
20
README.md
20
README.md
@ -1,5 +1,5 @@
# doas
A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, illumos and macOS.
A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, illumos, macOS and MidnightBSD.
The doas utility is a program originally written for OpenBSD which allows a user to run a command as though they were another user. Typically doas is used to allow non-privileged users to run commands as though they were the root user. The doas program acts as an alternative to sudo, which is a popular method in the Linux community for granting admin access to specific users.
@ -27,7 +27,14 @@ The doas command is in FreeBSD's ports collection and may be installed by simply
pkg install doas
The doas command may be installed from MidnightBSD's mports collection with:
mport install doas
The doas command may be installed from [Pacstall](https://github.com/pacstall/pacstall) (Debian/Ubuntu) with:
pacstall -I doas-git
## Installing build tools
1 - The doas program has virtually no dependencies. So long as you have a compiler (such as the GNU Compiler or Clang) installed and GNU make (gmake on NetBSD, FreeBSD, and illumos). On illumos, the build-essential package will install all the necessary build tools.
@ -64,7 +71,7 @@ The doas command is in FreeBSD's ports collection and may be installed by simply
make
#### FreeBSD, NetBSD and macOS
#### FreeBSD, MidnightBSD, NetBSD and macOS
gmake
@ -98,7 +105,7 @@ following lines:
After you save this file you may need to reboot in order for the change to take effect.
#### FreeBSD and NetBSD
#### FreeBSD, MidnightBSD and NetBSD
gmake install
@ -161,6 +168,11 @@ Create a new file in the root user's home:
doas touch /root/new-file
Edit a text file which requires admin access without running the text editor
as the root user:
doasedit /path/to/text/file
On Linux versions of doas prior to 6.3p1 required commands with arguments to be prefixed by a double-dash (--). From 6.3p1 and onward the double-dash is no longer required. Here we remove a directory owned by root:
doas -- rm -rf old-directory
@ -180,6 +192,6 @@ while on most other platforms, such as FreeBSD, you can run
## Contributing
Contributions, in various forms, are always welcome. If you run into a problem or have an improvement you'd like to see included, pelase use GitHub's tools to submit an issue ticket or a pull request. Should you encounter a bug you feel is a security concern, please contact the developer privately at jessefrgsmith AT yahoo DOT ca.
Contributions, in various forms, are always welcome. If you run into a problem or have an improvement you'd like to see included, please use GitHub's tools to submit an issue ticket or a pull request. Should you encounter a bug you feel is a security concern, please contact the developer privately at jessefrgsmith AT yahoo DOT ca.
Financial donations are always welcome and can be submitted via PayPal to jessefrgsmith AT yahoo DOT ca or through Patreon at https://www.patreon.com/sysvinit . Thank you for your support.
@ -46,7 +46,7 @@ closefrom(int lowfd)
int i;
/* Use /proc/self/fd (or /dev/fd on FreeBSD) if it exists. */
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__)
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) || defined(__MidnightBSD__)
path = "/dev/fd";
# else
path = "/proc/self/fd";
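Review bot: The comment two lines above the changed `# if` still says `/* Use /proc/self/fd (or /dev/fd on FreeBSD) if it exists. */` while the condition now selects /dev/fd for FreeBSD, macOS and MidnightBSD; update it to `/* Use /proc/self/fd (or /dev/fd on FreeBSD, macOS and MidnightBSD) if it exists. */` so it does not fall further behind on the next platform. The same `__FreeBSD__`/`__MidnightBSD__` pairing is now spelled out separately here, in doas.c and in env.c; one feature macro set from the Makefile (next to the existing `-DHAVE_LOGIN_CAP_H`) would keep the fd-closing and privilege-drop paths from diverging per platform. The file header for this section is missing from the page, and the enclosing closefrom() starts before this hunk and continues past it.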
4
doas.1
4
doas.1
@ -76,7 +76,9 @@ would prompt for password.
.It Fl S
Same as
.Fl s
but simulates a full login.
but simulates a full login. Please note this may result in doas applying resource limits
to the user based on the target user's login class. However, environment variables
applicable to the target user are still stripped, unless KEEPENV is specified.
.It Fl s
Execute the shell from
.Ev SHELL
6
doas.c
6
doas.c
@ -199,7 +199,7 @@ checkconfig(const char *confpath, int argc, char **argv,
struct rule *rule;
int status;
#if defined(__linux__) || defined(__FreeBSD__)
#if defined(__linux__) || defined(__FreeBSD__) || defined(__MidnightBSD__)
status = setresuid(uid, uid, uid);
#else
status = setreuid(uid, uid);
@ -526,7 +526,7 @@ main(int argc, char **argv)
LOGIN_SETUSER) != 0)
errx(1, "failed to set user context for target");
#else
#if defined(__linux__) || defined(__FreeBSD__)
#if defined(__linux__) || defined(__FreeBSD__) || defined(__MidnightBSD__)
if (setresgid(target_pw->pw_gid, target_pw->pw_gid, target_pw->pw_gid) == -1)
err(1, "setresgid");
#else
@ -535,7 +535,7 @@ main(int argc, char **argv)
#endif
if (initgroups(target_pw->pw_name, target_pw->pw_gid) == -1)
err(1, "initgroups");
#if defined(__linux__) || defined(__FreeBSD__)
#if defined(__linux__) || defined(__FreeBSD__) || defined(__MidnightBSD__)
if (setresuid(target, target, target) == -1)
err(1, "setresuid");
#else
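Review bot: The predicate `#if defined(__linux__) || defined(__FreeBSD__) || defined(__MidnightBSD__)` is now written out three times in this file (once in checkconfig, twice in main) and it is the line that decides whether privileges are dropped with setresuid/setresgid or the setreuid fallback, so any future platform added to one copy and not the others changes the privilege-drop path silently; a single `HAVE_SETRESUID` macro, defined once here or via a `-D` in the Makefile next to the existing `-DHAVE_LOGIN_CAP_H`, would collapse the three sites to `#ifdef HAVE_SETRESUID`. The changed lines themselves look correct. In the last hunk `setresuid(target, target, target)` errors out on -1, but nothing visible confirms the real uid actually changed afterwards; a cheap `if (getuid() != target) errx(1, "failed to drop privileges");` after the drop is standard defence for a setuid binary — can't tell from here whether one already exists further down. Both checkconfig and main start and end outside these hunks.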
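--- /dev/null
+++ b/doasedit
@@ -0,0 +1,94 @@
+#!/bin/sh
+# Copy an existing text file to a temporary location. Then
+# Edit the file.
+# Attempt to then transfer the temporary file back to the original
+# location if the temprary file has been altered.
+# Conclude with a little clean-up.
+# Try to avoid deleting any changes.
+
+if [ $# -lt 1 ]
+then
+echo "usage: $0 text-file"
+exit 1
+fi
+
+if [ ! -f "$1" ]
+then
+echo "File does not exist or is a special file/link."
+exit 2
+fi
+
+if [ -L "$1" ]
+then
+echo "File is a symbolic link. Refusing to edit."
+exit 2
+fi
+
+if [ ! -r "$1" ]
+then
+echo "This user is unable to read the specified file."
+exit 3
+fi
+
+temp_file=$(mktemp --tmpdir doasedit.XXXXXXXX)
+if [ ! $? ]
+then
+echo "Could not create temporary file."
+exit 4
+fi
+
+cp "$1" "$temp_file"
+if [ ! $? ]
+then
+echo "Unable to copy file $1"
+exit 5
+fi
+
+# If $VISUAL fails, run $EDITOR.
+# $EDITOR should be a line editor functional without advanced terminal features.
+# $VISUAL is a more advanced editor such as vi.
+"${VISUAL:-vi}" "$temp_file"
+if [ ! $? ]
+then
+"${EDITOR:-ex}" "$temp_file"
+if [ ! $? ]
+then
+echo "Could not run visual editor $VISUAL"
+echo "Could not run editor $EDITOR"
+echo "Please make sure the VISUAL and/or EDITOR variables are set."
+rm -f "$temp_file"
+exit 6
+fi
+fi
+
+# Check to see if the file has been changed.
+cmp -s "$1" "$temp_file"
+status=$?
+if [ $status -eq 0 ]
+then
+echo "File unchanged. Not writing back to original location."
+rm -f "$temp_file"
+exit 0
+fi
+
+# At this point the file has been changed. Make sure it still exists.
+if [ -f "$temp_file" ]
+then
+doas cp "$temp_file" "$1"
+cmp -s "$temp_file" "$1"
+status=$?
+# If file fails to copy, do not do clean-up
+while [ $status -ne 0 ]
+do
+echo "Copying file back to $1 failed. Press Ctrl-C to abort or Enter to try again."
+read abc
+doas cp "$temp_file" "$1"
+cmp -s "$temp_file" "$1"
+status=$?
+done
+fi
+
+# Clean up
+rm -f "$temp_file"
+exit 0
+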
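Review bot: Every error check in the new script has the form `if [ ! $? ]`, which tests whether the string `$?` is empty — it never is — so the failure branches after mktemp, cp and the two editor launches can never execute, and a failed mktemp or cp is silently ignored before the script proceeds to cmp and `doas cp` with an empty or stale `$temp_file`. Each should be `if [ $? -ne 0 ]`, or better, the command tested directly with `if ! cmd`. `mktemp --tmpdir` is a GNU option that fails on the FreeBSD, NetBSD and macOS targets the README lists, and with the broken check `$temp_file` is then empty; `mktemp "${TMPDIR:-/tmp}/doasedit.XXXXXXXX"` is portable. Note also that `doas cp` rewrites the target in place and follows a symlink present at `$1` at write time, so the earlier `-L` test only narrows that window rather than closing it, and `read abc` should be `read -r abc`.
```shell
temp_file=$(mktemp "${TMPDIR:-/tmp}/doasedit.XXXXXXXX")
if [ $? -ne 0 ] || [ -z "$temp_file" ]
then
	echo "Could not create temporary file."
	exit 4
fi

# … unchanged: cp "$1" "$temp_file", with its check changed to `if [ $? -ne 0 ]` …

# If $VISUAL fails, run $EDITOR.
if ! "${VISUAL:-vi}" "$temp_file"
then
	if ! "${EDITOR:-ex}" "$temp_file"
	then
		# … unchanged: error messages, rm -f "$temp_file", exit 6 …
	fi
fi
```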
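--- /dev/null
+++ b/doasedit.8
@@ -0,0 +1,54 @@
+.\"
+.\" Copyright (c) 2021 Jesse Smith <jessefrgsmith@yahoo.ca>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for
+.\" any purpose with or without fee is hereby granted, provided that
+.\" the above copyright notice and this permission notice appear in all
+.\" copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+.\" WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+.\" AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
+.\" OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+.\" TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd September 13, 2021
+.Dt DOASEDIT 1
+.Os
+.Sh NAME
+.Nm doasedit
+.Nd edit a text file and then write the file back to its original location with admin access
+.Sh SYNOPSIS
+.Nm
+.Op Ar file
+.Sh DESCRIPTION
+The
+.Nm
+utility opens an editor on a temporary copy of a
+text file. Once the file has been altered, it is written
+back to the original location, using doas for elevated access.
+This is intended for use in editing configuration files where
+the user may need to be root to edit a file, but does not wish
+to run their text editor as the super user.
+.Pp
+The doasedit utility accepts one argument, the file to
+be edited. The text editor used during the editing process
+is set using the VISUAL environment variable. If VISUAL fails
+to run, EDITOR is tried instead.
+.El
+.Sh EXIT STATUS
+.Ex -std
+.Sh ENVIRONMENT
+.Bl -tag -width EDITOR
+.It Ev EDITOR
+The editor command used for editing the target text file.
+If no EDITOR variable is set, then the command vi is used.
+.El
+.Sh SEE ALSO
+.Xr doas 1 ,
+.Xr doas.conf 5
+.Sh AUTHORS
+.An Jesse Smith Aq Mt jessefrgsmith@yahoo.ca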
2
env.c
2
env.c
@ -102,7 +102,7 @@ copyenvpw(struct passwd *my_static)
new_pw->pw_passwd = strdup(my_static->pw_passwd);
new_pw->pw_uid = my_static->pw_uid;
new_pw->pw_gid = my_static->pw_gid;
#if defined(__FreeBSD__)
#if defined(__FreeBSD__) || defined(__MidnightBSD__)
new_pw->pw_class = strdup(my_static->pw_class);
#endif
new_pw->pw_gecos = strdup(my_static->pw_gecos);
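Review bot: The `strdup(my_static->pw_class)` that this hunk now also compiles for MidnightBSD is, like the pw_passwd and pw_gecos copies around it, never checked for a NULL return, so an allocation failure leaves a NULL pw_class in the copied passwd that a later login-class lookup would presumably dereference — pre-existing, but the commit extends it to a new platform without adding the check. `if ((new_pw->pw_class = strdup(my_static->pw_class)) == NULL) err(1, "strdup");` would match the err-on-failure style doas.c uses, assuming err.h is in scope here. Consider also keying this block on the `HAVE_LOGIN_CAP_H` the Makefile already defines for FreeBSD and MidnightBSD instead of listing OS macros a second time, provided NetBSD's struct passwd (which gets that define too) also carries pw_class — worth confirming before switching. copyenvpw starts before this hunk and continues past it.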