aboutsummaryrefslogtreecommitdiffstats
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README49
1 files changed, 49 insertions, 0 deletions
diff --git a/README b/README
new file mode 100644
index 0000000..a77dc65
--- /dev/null
+++ b/README
@@ -0,0 +1,49 @@
+NAME
+ key2root - authenticate with a keyfile and run a process as the root user
+
+SYNOPSIS
+ key2root [-k key-name] [-e] command [argument] ...
+
+DESCRIPTION
+ The key2root utility takes a keyfile from the standard input and uses
+ it to authenticate the user, and if the keyfile is recognised, runs the
+ specified command with sanitised and updated environment variables and
+ with the keyfile as the standard input.
+
+OPTIONS
+ The key2root utility conforms to the Base Definitions volume of
+ POSIX.1-2017, Section 12.2, Utility Syntax Guidelines.
+
+ The following option is supported:
+
+ -e Keep the environment variables as is. Neither sanitise nor
+ update them.
+
+ -k key-name
+ Check the input keyfile against a specific known key, rather
+ than checking against all known keys.
+
+OPERANDS
+ The following operands are supported:
+
+ command
+ The command that shall be run with as the root user. This will
+ be both the process image and the process's zeroth command line
+ argument.
+
+ argument ...
+ Command line arguments for the command to run.
+
+STDIN
+ The key2root utility uses the standard input as the authentication key
+ and forwards it to the command it runs upon successful authentication.
+
+RATIONALE
+ key2root is useful for scripts that require both root access and a
+ keyfile: it lets the user write a script that can decrypt a keyfile
+ and the successful keyfile decryption to testify that the user has
+ authenticated himself rather also requiring his password.
+
+SEE ALSO
+ key2root-addkey(8), key2root-lskeys(8), key2root-rmkey(8), asroot(8),
+ sudo(8), doas(1), su(1)