diff options
author | Mattias Andrée <maandree@kth.se> | 2023-06-23 09:11:42 +0200 |
---|---|---|
committer | Mattias Andrée <maandree@kth.se> | 2023-06-23 09:11:42 +0200 |
commit | ebc0fb022c48ced5e690567b3fb4186a3dfbd937 (patch) | |
tree | 82f32fb8b13d64a9a11257526e4b3413c6ae4022 /README | |
download | key2root-ebc0fb022c48ced5e690567b3fb4186a3dfbd937.tar.gz key2root-ebc0fb022c48ced5e690567b3fb4186a3dfbd937.tar.bz2 key2root-ebc0fb022c48ced5e690567b3fb4186a3dfbd937.tar.xz |
First commit
Signed-off-by: Mattias Andrée <maandree@kth.se>
Diffstat (limited to '')
-rw-r--r-- | README | 49 |
1 files changed, 49 insertions, 0 deletions
@@ -0,0 +1,49 @@ +NAME + key2root - authenticate with a keyfile and run a process as the root user + +SYNOPSIS + key2root [-k key-name] [-e] command [argument] ... + +DESCRIPTION + The key2root utility takes a keyfile from the standard input and uses + it to authenticate the user, and if the keyfile is recognised, runs the + specified command with sanitised and updated environment variables and + with the keyfile as the standard input. + +OPTIONS + The key2root utility conforms to the Base Definitions volume of + POSIX.1-2017, Section 12.2, Utility Syntax Guidelines. + + The following option is supported: + + -e Keep the environment variables as is. Neither sanitise nor + update them. + + -k key-name + Check the input keyfile against a specific known key, rather + than checking against all known keys. + +OPERANDS + The following operands are supported: + + command + The command that shall be run with as the root user. This will + be both the process image and the process's zeroth command line + argument. + + argument ... + Command line arguments for the command to run. + +STDIN + The key2root utility uses the standard input as the authentication key + and forwards it to the command it runs upon successful authentication. + +RATIONALE + key2root is useful for scripts that require both root access and a + keyfile: it lets the user write a script that can decrypt a keyfile + and the successful keyfile decryption to testify that the user has + authenticated himself rather also requiring his password. + +SEE ALSO + key2root-addkey(8), key2root-lskeys(8), key2root-rmkey(8), asroot(8), + sudo(8), doas(1), su(1) |