aboutsummaryrefslogtreecommitdiffstats
path: root/README
blob: 35fa5abf6c090031a3e8d6e56233bf9cccd34168 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
NAME
	key2root - authenticate with a keyfile and run a process as the root user

SYNOPSIS
	key2root [-k key-name] [-e] command [argument] ...

DESCRIPTION
	The key2root utility takes a keyfile from the standard input and uses
	it to authenticate the user, and if the keyfile is recognised, runs the
	specified command with sanitised and updated environment variables and
	with the keyfile as the standard input.

OPTIONS
	The key2root utility conforms to the Base Definitions volume of
	POSIX.1-2017, Section 12.2, Utility Syntax Guidelines.

	The following option is supported:

	-e	Keep the environment variables as is. Neither sanitise nor
		update them.

	-k key-name
		Check the input keyfile against a specific known key, rather
		than checking against all known keys.

OPERANDS
	The following operands are supported:

	command
		The command that shall be run with as the root user. This will
		be both the process image and the process's zeroth command line
		argument.

	argument ...
		Command line arguments for the command to run.

STDIN
	The key2root utility uses the standard input as the authentication key
	and forwards it to the command it runs upon successful authentication.

RATIONALE
	key2root is useful for scripts that require both root access and a
	keyfile: it lets the user write a script that can decrypt a keyfile
	and the successful keyfile decryption to testify that the user has
	authenticated himself rather also requiring his password.

SEE ALSO
	key2root-addkey(8), key2root-crypt(8), key2root-lskeys(8),
	key2root-rmkey(8), asroot(8), sudo(8), doas(1), su(1)