NAME

runas.access - access control file for runas


DESCRIPTION

This documentation is no longer being maintained and may be inaccurate or incomplete. The texinfo documentation is now the authoritative source.

The runas.access file contains access control entries for allowing users to run a process with a modified effective user and/or group id using runas(8).

Lines beginning with `#' are ignored. The maximum size of each field is 1024 bytes; the maximum size of a single access entry is 2048 bytes. Each access control entry is a single line of whitespace-separated fields, in the form:

basename path runuid rungid args reason accesslist


OPTIONS

basename

A unique, alphanumeric mnemonic for each operator function.

path

The complete pathname of the program to run, as associated with the mnemonic basename. If the TIGHT_CHECKING option was defined at compile time, the file this path refers to cannot be a symbolic link and must be neither group- nor world-writable.

runuid

The uid or user name of the user to change to before executing path. A runuid of ``null'' or ``-1'' can be specified if the effective uid of the process is to remain unchanged.

rungid

The gid or group name of the group to change to before executing path. A rungid of ``null'' or ``-1'' can be specified if the effective gid of the process is to remain unchanged.

args

Specifies whether arguments may be passed to path. The case-insensitive boolean settings ``yes'' and ``no'' are valid.

reason

Specifies whether the user should be prompted for a reason why basename is being executed. The response must be more than 3 characters long and is sent to syslogd. The case-insensitive boolean settings ``yes'' and ``no'' are valid.

accesslist

A comma-separated list of uids, usernames, gids, group names, and/or netgroups allowed to execute path as runuid.rungid. Unless prefixed with ``-'', each comma-separated entry grants access to execute path. (A ``+'' may precede any token in the accesslist to mark it as positive for clarity, but it is not necessary, since positive is the default.)

Group entries must be of the form:

+%group

The above will add an access list entry for each user listed in group to execute path while entries of the form:

-%group

will remove access list entries for executing path for the users named in group.

Netgroup entries must be of the form:

+@netgroup

The above will add an access list entry for each user listed in netgroup to execute path while entries of the form:

-@netgroup

will remove access list entries for executing path for the users named in netgroup.

Positive and negative entries can be combined in a single accesslist to provide flexibility. The example accesslist:

+@netgroup,-username

grants access to all users listed in netgroup, except username, to run path.

The example accesslist:

%group,@netgroup

grants access to all users listed in group group and netgroup netgroup, to run path.

To ensure that negative entries are not removed before their counterpart positive entries are added, the accesslist is sorted internally so that all positive entries are added before any negative entries are removed. The order in which tokens appear on the line therefore does not affect the result.
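As an added example (not code from runas or its documentation), the following Python evaluates an accesslist field with the semantics described above: positive tokens are collected first and negative tokens removed afterwards. The user, group and netgroup tables are constructed stand-ins for passwd(5), group(5) and netgroup(5) lookups; ``%gid'' is assumed to name a group by numeric gid.

```python
"""Evaluate a runas.access accesslist field.

Added example, not code from runas itself.  Tokens are uids, usernames,
%gid/%group or @netgroup, each optionally prefixed with '+' or '-'.  As the
page describes, every positive token is applied before any negative token is
removed, so the order of tokens within the list does not matter.
"""

# Constructed tables standing in for passwd(5), group(5) and netgroup(5).
PASSWD = {"alice": 1001, "bob": 1002, "carol": 1003, "dave": 1004}
GROUPS = {"monitor": (100, {"alice", "bob"}), "ops": (101, {"carol"})}
NETGROUPS = {"nightshift": {"bob", "dave"}}


def _users_of(token):
    """Return the set of usernames a single (unsigned) token names."""
    if token.startswith("%"):                      # group name or numeric gid
        key = token[1:]
        for name, (gid, members) in GROUPS.items():
            if key == name or (key.isdigit() and int(key) == gid):
                return set(members)
        return set()
    if token.startswith("@"):                      # netgroup
        return set(NETGROUPS.get(token[1:], ()))
    if token.isdigit():                            # numeric uid
        return {name for name, uid in PASSWD.items() if uid == int(token)}
    return {token} if token in PASSWD else set()   # username


def allowed_users(accesslist):
    """Users granted by an accesslist: all '+' tokens first, then '-' removed."""
    positive, negative = set(), set()
    for raw in accesslist.split(","):
        tok = raw.strip()
        if not tok:
            continue
        if tok[0] == "-":
            negative |= _users_of(tok[1:])
        else:
            positive |= _users_of(tok.lstrip("+"))
    return positive - negative


def is_allowed(user, accesslist):
    """True if `user` may run the entry's path according to its accesslist."""
    return user in allowed_users(accesslist)
```

Because the negative set is subtracted only after every positive token has been expanded, `-alice,%monitor` and `%monitor,-alice` both resolve to the same set of users.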


SECURITY

When TIGHT_CHECKING has been defined, further constraints are placed on the access control file itself: it cannot be a link, its path cannot be relative, it must be owned by user ACF_UID and group ACF_GID, and it must have mode ACF_MODE.
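As an added example (not code from runas), the following Python checks a file against the TIGHT_CHECKING constraints above, and a program path against the constraints given for the path field. ACF_UID, ACF_GID and ACF_MODE are compile-time values in runas; here they are assumed to be passed in as parameters, and the demo function builds its own fixtures in a temporary directory, using the ids the fixtures were created with as stand-ins.

```python
"""TIGHT_CHECKING-style file checks for runas.

Added example, not code from runas itself.  check_acf() applies the access
control file rules (absolute path, no symlink, exact owner and mode);
check_program() applies the path-field rules (no symlink, not group or world
writable).  ACF_UID, ACF_GID and ACF_MODE are compile-time values in runas;
here they are plain parameters.
"""
import os
import stat
import tempfile


def check_acf(path, acf_uid, acf_gid, acf_mode):
    """Problems with the access control file itself, as a list of strings."""
    problems = []
    if not os.path.isabs(path):
        problems.append("relative path")
    st = os.lstat(path)                 # lstat: a symlink must not be followed
    if stat.S_ISLNK(st.st_mode):
        problems.append("symbolic link")
    if (st.st_uid, st.st_gid) != (acf_uid, acf_gid):
        problems.append("owner %d:%d, want %d:%d" % (st.st_uid, st.st_gid, acf_uid, acf_gid))
    perm = stat.S_IMODE(st.st_mode)
    if perm != acf_mode:
        problems.append("mode %04o, want %04o" % (perm, acf_mode))
    return problems


def check_program(path):
    """Problems with a program named in the path field, as a list of strings."""
    problems = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        problems.append("symbolic link")
    elif stat.S_IMODE(st.st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group or world writable")
    return problems


def demo():
    """Build constructed fixtures in a temp dir and return the findings for each."""
    d = tempfile.mkdtemp()
    acf = os.path.join(d, "runas.access")
    with open(acf, "w") as fh:
        fh.write("# constructed, empty access file\n")
    os.chmod(acf, 0o600)
    link = os.path.join(d, "runas.access.link")
    os.symlink(acf, link)                           # a link to a good file: rejected
    prog = os.path.join(d, "prog")
    open(prog, "w").close()
    os.chmod(prog, 0o775)                           # group writable: rejected
    uid, gid = os.getuid(), os.stat(d).st_gid       # ACF_UID/ACF_GID stand-ins
    return {"acf": check_acf(acf, uid, gid, 0o600),
            "link": check_acf(link, uid, gid, 0o600),
            "prog": check_program(prog),
            "safe": check_program(acf)}
```

Both checks use lstat rather than stat so that a symbolic link is seen as a link instead of being silently followed to whatever it currently points at.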


SPECIAL

There is one special case of basename and path which may appear at most once and must be the last entry in the access control file. If both fields are set to ``*'' (a wildcard), then every command not already listed in the access control file can be run as the user specified in runuid and the group specified in rungid.

The example runas.access entry:

* * consult staff yes no %monitor

would let users belonging to group monitor run commands as user consult and group staff.
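As an added example (not code from runas), the following Python parses a runas.access file into entries, enforces the format rules stated on this page (comment lines, seven fields, field and entry size limits, unique alphanumeric basename, ``null''/``-1'' ids, and a single trailing ``* *'' wildcard) and resolves which entry governs a requested command. SAMPLE is a constructed file that includes the wildcard entry shown above; evaluating the accesslist itself is a separate step not repeated here.

```python
"""Parse runas.access entries and resolve which entry governs a command.

Added example, not code from runas itself.  It applies the format rules on
this page: '#' comment lines, seven whitespace-separated fields, 1024-byte
fields and 2048-byte entries, a unique alphanumeric basename, ``null``/``-1``
meaning "leave the id unchanged", and one ``* *`` wildcard entry that must
be last.  SAMPLE is a constructed file for the example.
"""
import os
from collections import namedtuple

Entry = namedtuple("Entry", "basename path runuid rungid args reason accesslist")
MAX_FIELD, MAX_ENTRY = 1024, 2048

SAMPLE = """\
# constructed runas.access for the example
restart /usr/sbin/apachectl      root    wheel  yes yes %monitor,-bob
backup  /usr/local/bin/backup.sh null    -1     no  no  @nightshift
*       *                        consult staff  yes no  %monitor
"""


def _id_field(value):
    """``null``/``-1`` -> None (id unchanged); digits -> int; else a name."""
    if value.lower() in ("null", "-1"):
        return None
    return int(value) if value.isdigit() else value


def parse_access(text):
    """Parse the file text into Entry records in file order, enforcing the rules."""
    entries, seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        if len(body.encode()) > MAX_ENTRY:
            raise ValueError("line %d: entry exceeds %d bytes" % (lineno, MAX_ENTRY))
        fields = body.split()
        if len(fields) != 7:
            raise ValueError("line %d: expected 7 fields, got %d" % (lineno, len(fields)))
        if any(len(f.encode()) > MAX_FIELD for f in fields):
            raise ValueError("line %d: field exceeds %d bytes" % (lineno, MAX_FIELD))
        basename, path, runuid, rungid, args, reason, acl = fields
        if entries and entries[-1].basename == "*":
            raise ValueError("line %d: the '* *' wildcard must be the last entry" % lineno)
        if (basename == "*") != (path == "*"):
            raise ValueError("line %d: a wildcard needs both basename and path set to '*'" % lineno)
        if basename != "*" and (not basename.isalnum() or basename in seen):
            raise ValueError("line %d: basename must be a unique alphanumeric mnemonic" % lineno)
        if path != "*" and not os.path.isabs(path):
            raise ValueError("line %d: path must be a complete pathname" % lineno)
        if args.lower() not in ("yes", "no") or reason.lower() not in ("yes", "no"):
            raise ValueError("line %d: args and reason must be yes or no" % lineno)
        seen.add(basename)
        entries.append(Entry(basename, path, _id_field(runuid), _id_field(rungid),
                             args.lower() == "yes", reason.lower() == "yes", acl))
    return entries


def lookup(entries, basename):
    """The entry for a mnemonic; otherwise the trailing wildcard, if any; else None."""
    for entry in entries:
        if entry.basename == basename:
            return entry
    if entries and entries[-1].basename == "*":
        return entries[-1]
    return None


def validation_error(text):
    """Return the ValueError message for a malformed file, or None if it parses."""
    try:
        parse_access(text)
    except ValueError as exc:
        return str(exc)
    return None
```

The wildcard check rejects any entry that follows a ``* *'' line, which covers both "must be last" and "may appear only once"; a file without a wildcard entry makes lookup() return None for unknown mnemonics, so nothing runs by default.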


AUTHORS

The access control file portion of runas was written by Chris Carpinello.


SEE ALSO

runas(8), syslogd(8), netgroup(5), group(5)