Commit
Showing 5 changed files with 402 additions and 354 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,33 @@ | ||
# Introduction | ||
|
||
**RootAsRole** is a prject to allow Linux/Unix administrators to delegate their administrative tasks access rights to users. This tool allows you to configure your privilege access management more securely on a single operating system. | ||
**RootAsRole** is a project to allow Linux/Unix administrators to delegate their administrative tasks access rights to users. Its main features are : | ||
|
||
Unlike sudo, this project sets the principle least privilege on its core features. Like sudo, this project wants to be usable. More than sudo, we care about configurators, and we try to warn configurators about dangerous manipulations. | ||
|
||
By using a role-based access control model, this project allows us to better manage administrative tasks. With this project, you could distribute privileges and prevent them from escalating directly. Unlike sudo does, we don't want to give entire privileges for any insignificant administrative task. You can configure our tool easily with `chsr` command. To find out which capability is needed for a administrative command, we provide the `capable` command. With these two tools, administrators could respect the least privilege principle on their system. | ||
|
||
What we offer that sudo don't : | ||
* [Linux Capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) support | ||
* [A structured access control model based on Roles](https://dl.acm.org/doi/10.1145/501978.501980) | ||
* Command matching based on commonly-used open-source libraries | ||
* [Role hierarchy](https://dl.acm.org/doi/10.1145/501978.501980) | ||
* [Static/Dynamic Separation of Duties](https://dl.acm.org/doi/10.1145/501978.501980) | ||
* [Linux Capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) support, to minimize the privileges of the user executing the command. | ||
* Prevent the escalation of privileges via Bounding set manipulation. | ||
* [Highly configurable](chsr/README.md) with a simple command line interface. This interface is designed to be as easy as `ip` command. | ||
* File relocation ability. | ||
* Multi-layered and inheritable execution environment configuration. | ||
* Interoperable and evolvable by using [JSON](https://www.json.org/) as the main configuration file format. | ||
* Command matching based on commonly-used open-source libraries: | ||
* [glob](https://docs.rs/glob/latest/glob/) for binary path | ||
* [PCRE2](https://www.pcre.org/) for command arguments | ||
* Standardized file configuration with [JSON](https://www.json.org/) | ||
* Separation of duties. | ||
* Multi-layered configuration. | ||
* A simple and easy-to-use configuration command line interface. | ||
|
||
## Usage | ||
|
||
The main command line tool is `sr`. It allows you to execute a command by simply typing: | ||
|
||
```bash | ||
sr <command> | ||
``` | ||
|
||
You can find more information about this command in the [sr](sr/README.md) section. | ||
|
||
The `chsr` command allows you to configure the roles and capabilities of the system. You can find more information about this command in the [Configure RootAsRole](chsr/README.md) section. | ||
|
||
## Comparison with sudo | ||
|
||
By using a role-based access control model, this project allows us to better manage administrative tasks. With this project, you could distribute privileges and prevent them from escalating directly. Unlike sudo does, we don't want to give entire privileges for any insignificant administrative task. You can configure our tool easily with `chsr` command. To find out which capability is needed for a administrative command, we provide the `capable` command. With these two tools, administrators could configure its system to respect the least privilege principle. | ||
|
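Review bot: the bullet `* Prevent the escalation of privileges via Bounding set manipulation.` is ambiguous, since it can be read as if bounding-set manipulation were the attack rather than the control; suggest `* Prevents privilege escalation by restricting the capability bounding set.` so the security claim is unambiguous. In the same hunk, `Its main features are :` should drop the space before the colon, `as easy as `ip` command` should read `as easy as the `ip` command`, and the Comparison paragraph keeps `a administrative command` (should be `an administrative command`) and `administrators could configure its system` (should be `their systems`). The nested bullets `* [glob](...) for binary path` and `* [PCRE2](...) for command arguments` appear at the same level as their parent in the rendered diff; confirm they are indented under the command-matching bullet in the file, otherwise the feature list reads as flat.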