mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 21:05:08 +00:00
8aac90f18a
This policy enables a user to become another user without having to be root (hence no setuid binary). it is configured via rules using sysctl security.mac.do.rules For example: security.mac.do.rules=uid=1001:80,gid=0:any The above rule means the user identifier by the uid 1001 is able to become user 80 Any user of the group 0 are allowed to become any user on the system. The mdo(1) utility expects the MAC/do policy to be installed and its rules defined. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D45145
45 lines
695 B
Groff
45 lines
695 B
Groff
.\"-
|
|
.\" Copyright(c) 2024 Baptiste Daroussin <bapt@FreeBSD.org>
|
|
.\"
|
|
.\" SPDX-License-Identifier: BSD-2-Clause
|
|
.\"
|
|
.Dd May 22, 2024
|
|
.Dt MDO 1
|
|
.Os
|
|
.Sh NAME
|
|
.Nm mdo
|
|
.Nd execute commands as another user
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl u Ar username
|
|
.Op Fl i
|
|
.Op command Op args
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Nm
|
|
utility executes the specified
|
|
.Ar command
|
|
as user
|
|
.Ar username .
|
|
.Pp
|
|
If no
|
|
.Ar username
|
|
is provided it defaults to the
|
|
.Va root
|
|
user.
|
|
If no
|
|
.Ar command
|
|
is specified, it will execute the shell specified as
|
|
.Va SHELL
|
|
environnement variable, falling back on
|
|
.Pa /bin/sh .
|
|
.Pp
|
|
The
|
|
.Fl i
|
|
option can be used to only call
|
|
.Fn setuid
|
|
and keep the group from the calling user.
|
|
.Sh SEE ALSO
|
|
.Xr su 1
|
|
.Xr mac_do 4
|