Re: mdo(1) run as another user without setuid bit
- In reply to: Tomek CEDRO : "Re: mdo(1) run as another user without setuid bit"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 14 May 2024 13:09:24 UTC
On Tue 14 May 15:04, Tomek CEDRO wrote: > On Tue, May 14, 2024 at 9:17 AM Baptiste Daroussin wrote: > > Hello everyone, > > This is an idea that I have been thinking about for a while (actually since > > 2015) and that I have been trying to implement a couple of days ago. > > On server usage of FreeBSD one thing which often happen is we segregate services > > with their own users (service_user). > > We also give access to the administrators of those services via their own ssh > > keys on their own user (foo) account and of course we want to allow "foo" to run > > some commands as "service_user" or get "service_user" privileges. > > Usually this is done via some sudo or some doas configuration which both > > involved first become root via the setuid bit. > > In many cases doas or sudo are overkill for this sole purpose. To cover this > > need, I thought we could write a very simple tool which will leverage the mac > > framework to make sure we could switch credentials without the need of the > > setuid root. > > Here comes the idea of mac_do(4) policy. > > This is a kernel module policy which allows calling setuid and setgroup from a > > non root user, according to some policy root and if the request comes from the > > /usr/bin/mdo binary. > > (..) > > So when I have several users / client accounts to manage I can use my > standard non-root user to perform actions on behalf of enabled users.. > just like su client1 but without providing password? Env will be also > switched to that target user? :-) Yes about the like su client1 About the env, right now, no, but the set of feature provided by the mdo(1) can be discussed here, as long as it remain really simple. Best regards, Bapt