author | Jakob Kaivo <jkk@ung.org> | 2021-02-01 13:16:40 -0500 |
---|---|---|
committer | Jakob Kaivo <jkk@ung.org> | 2021-02-01 13:16:40 -0500 |
commit | 083ccc2fcc8a9adc4c5c318c70d66cea8670fb75 (patch) | |
tree | 3b2b4010d6462395c0fc8963f57d0a433af2e06c /README.md | |
parent | 56a7bd183c92c4f1b519376ccd6155a24bae970c (diff) |
add some notes on configuration
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 23 |
1 files changed, 23 insertions, 0 deletions
@@ -35,3 +35,26 @@ casual inspection of which accounts are allowed to elevate privileges), and is the location of all complexity. It is responsible for parsing `/etc/privexec.conf` and determining whether the given user is authorized to run the given command. + +Configuration is done via `/etc/privexec.conf`. The format is intentionally +strict. Each may be blank, a comment (beginning with a '#' character in the +first column), or a directive. Directives are of the form: + + <keyword> <principal> [command] + +Where `<keyword>` is one of `authorized`, `authenticate`, or `deny`; +`<principal>` is either a username or a group name prepended with ':', and +`[command]` is an optional command. Tokens must be separated by exactly one +space. Additional white space is not allowed. + +The entire configuration file is parsed whenever `privexec` invokes `check`. +Any syntax errors will result in failure. Privilege checking is performed so +as to be most restrictive. In order from least to most: + + `authorized` - The user is authorized to execute the associate command + without further interaction. + + `authenticate` - The user must authenticate themself before the command + is executed. This is handled by PAM with the service name `privexec`. + + `deny` - The user is not permitted to execute the command. |
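Review bot: The paragraph describing `[command]` says the command is optional but never states what a directive without a command applies to. For a file that decides who may elevate privileges, that should be written down explicitly rather than left to inference. The "most restrictive" paragraph has a similar gap: it orders `authorized`, `authenticate` and `deny`, but does not say what the outcome is when no directive matches the user or command at all, nor how a user directive and a `:group` directive that both match are combined beyond "most restrictive". A sentence stating the default for the no-match case would close that. Two wording fixes in the added lines: "Each may be blank" is missing its noun (likely "Each line may be blank"), and "the associate command" should read "the associated command".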