Commit 530e65d5 authored by Jaromil's avatar Jaromil

documentation and cli help

parent a76ff953
Pipeline #29 skipped
......@@ -2,7 +2,7 @@ CC?=gcc
LDD?=ld
DESTDIR?=
PREFIX?=/usr/local
VERSION=1.0
VERSION=1.1
USER=root
GROUP=root
......@@ -36,7 +36,7 @@ config.h:
cp config.def.h config.h
.c.o:
$(CC) $(CFLAGS) -c $< -o $@ -DVERSION=${VERSION}
$(CC) $(CFLAGS) -c $< -o $@ -DVERSION=\"${VERSION}\"
clean:
rm -f *.o sup test
......
......@@ -35,6 +35,16 @@ sup's configuration resides in `config.h` and should be set before
building. here below an intuitive example:
```c
// sup's configuration file
// need sup to be re-compiled for any change to be effective
/// un/comment flags below to remove functionalities
#define HASH 1
#define DAEMON 1
// #define DEBUG 1
#ifndef FLAGSONLY
#define USER 1000
#define GROUP -1
......@@ -44,10 +54,6 @@ building. here below an intuitive example:
#define CHROOT ""
#define CHRDIR ""
#define HASH 1
#define ENFORCE 1
static struct rule_t rules[] = {
// allow user to run these programs when found at a specific path location
{ USER, GROUP, "whoami", "/usr/bin/whoami", "" },
......@@ -60,6 +66,7 @@ static struct rule_t rules[] = {
{ USER, GROUP, "*", "*"},
{ 0 }, // end of configuration
};
#endif
```
fields are organized as follows:
......@@ -88,8 +95,8 @@ evaluation purposes, with dynamic links to the `libm` and `libc`
libraries installed system-wide.
for production use, sup should be built as a static binary: this is
easily done by first installing `musl-libc` in its default location and
then using the `make musl` command.
easily done by first installing `musl-libc` in its default location
(`/usr/local/musl`) and then using the `make musl` command inside sup.
## technical details
......@@ -100,9 +107,11 @@ sup consists of 3 files:
- `sha256.c` is optional and provides the hashing functionality if
`# define HASH 1` is set.
sup is written in ansi c with posix1.b compliance for gnu/linux and bsd
systems. it uses `setuid/gid` for privilege escalation and `execv()` to
launch processes as superuser.
sup is written in ansi c with posix1.b compliance for gnu/linux and
bsd systems. it uses `setuid/gid` for privilege escalation and
`execv()` to launch processes as superuser. daemon mode uses `fork()`
to send processes in the background with `NOTTY` and `stdin/out/err`
file descriptors set to `/dev/null`.
## frequently asked questions
......@@ -131,6 +140,12 @@ every time they need to execute something they are entitled to execute
as superusers. with `su` one has to type the root password every time.
also scripts won't work without interaction.
### is sup still a suckless tool?
this new code hasn't been grinded by the merry folks at suckless yet,
but pancake has acknowledged this development and, having left
maintainance, is happy to hand it over to jaromil.
## licensing
sup is copyleft software licensed as GNU Lesser Public License
......@@ -144,3 +159,7 @@ sup is copyleft (c) 2009-2011 by pancake of nopcode.org
the FIPS-180-2 sha-256 implementation optionally included in sup is
copyleft (c) 2001-2003 by Christophe Devine
```
## post scriptum
systemd sucks.
......@@ -48,7 +48,31 @@ struct rule_t {
#include "sha256.h"
#endif
#define HELP "sup [-hldv] [cmd ..]"
static const char *HEADER = "sup " VERSION " - small and beautiful superuser tool\n";
static const char *COPYLEFT =
"copyright (C) 2016 dyne.org foundation, license GNU GPL v3+\n"
"this is free software: you are free to change and redistribute it\n"
"for the latest sourcecode go to <https://git.devuan.org/jaromil/sup>\n";
static const char *LICENSE =
"this source code is distributed in the hope that it will be useful,\n"
"but without any warranty; without even the implied warranty of\n"
"merchantability or fitness for a particular purpose.\n"
"when in need please refer to <http://dyne.org/support>.\n";
static const char *HELP =
"Syntax: sup [options] command [arguments...]\n"
"\n"
"Options:\n"
" -l list compiled-in authorizations and flags\n"
" -u set uid to this user name\n"
" -g set gid to this group name\n"
" -d fork command as background process (daemon)\n"
" -p saves pid of background process to file (daemon)\n"
"\n"
"Please report bugs to <https://git.devuan.org/jaromil/sup/issues>\n";
#define MAXCMD 512
#define MAXFILEPATH 4096
......@@ -186,11 +210,12 @@ int main(int argc, char **argv) {
break;
case 'h':
fprintf(stdout, "%s\n", HELP);
fprintf(stdout, "%s\n%s\n%s", HEADER, COPYLEFT, HELP);
exit (0);
case 'v':
fprintf(stdout, "sup %.1f - small and beautiful superuser tool\n", VERSION);
fprintf(stdout, "%s\n%s\n%s", HEADER, COPYLEFT, LICENSE);
exit (0);
#ifdef DAEMON
......@@ -200,7 +225,7 @@ int main(int argc, char **argv) {
#endif
case 'l':
fprintf(stdout,"List of compiled in authorizations:\n\n");
fprintf(stdout,"%s\n%s\nList of compiled in authorizations:\n\n", HEADER, COPYLEFT);
fprintf(stdout,"User\tUID\tGID\t%s\t\t%s\n",
"Command","Forced PATH");
for (i = 0; rules[i].cmd != NULL; i++) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment