An alternative to `asroot'

Clifford Spencer cspencer at bbncc5.UUCP
Tue Dec 10 07:39:21 AEST 1985


> >momentarily give a process root permissions.
> Here's an alternative to `asroot.'  This is a small program which does
Okay I'll bite, here's my `sudo' program that tries to maintain
some control over who runs it.  
% sudo command
runs that command as root.bin



# This is a shell archive.  Remove anything before this line, then
# unpack it by saving it in a file and typing "sh file".  (Files
# unpacked will be owned by you and have default permissions.)
#
# This archive contains:
# sudo.c Makefile sudo.8

echo x - sudo.c
sed -e 's/^X//' > "sudo.c" << '//E*O*F sudo.c//'
X#ifndef lint
Xstatic char rcsid[]="$Header: sudo.c,v 1.3 85/11/09 16:07:18 cspencer Exp $";
X#endif lint
X/* 
X * sudo - run a command as su. 
X * 	to compile: 
X *	cc -O sudo.c -o sudo; /etc/chown root sudo; chmod u+s sudo
X */
X#include <errno.h>
X#include <stdio.h>
X#include <sys/time.h>
X#include <sys/types.h>
X#include <sys/stat.h>
X#include <pwd.h>
X
Xchar *userfile = "/usr/adm/sudo.users";
X/* define LOGFILE to log all commands run as sudo - some find this offensive */
X#define LOGFILE "/usr/adm/sudo.log"
X	
Xchar *progname;
X
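X/*
X * sudo cmd [args...] - run cmd with uid 0 and gid 3 if the invoking user
X * is listed in userfile.
X *
X * Exits with -1 on a usage error or a failed system call, and with 1 when
X * the caller is not authorized.  On success this function does not return:
X * the process image is replaced by cmd.
X */
Xmain(argc, argv)
Xint argc;
Xchar *argv[];
X{
X	char *checkname();
X	char *username;
X	int uid;
X
X	/* argv[0] may be missing if the caller exec'd us with an empty argv */
X	progname = (argc > 0 && argv[0] != NULL) ? argv[0] : "sudo";
X
X	if(argc < 2) {
X		fprintf(stderr, "usage: %s cmd\n", progname);
X		exit(-1);
X	}
X
X	/* remember who this user really is */
X	uid = getuid();
X
X	/*
X	 * Authorize before changing identity.  The set-uid bit already
X	 * supplies effective uid 0 for reading userfile, so an unauthorized
X	 * caller never gets a process whose real uid and gid were switched.
X	 */
X	if (( username = checkname(uid)) == NULL)
X		exit(1);
X
X	if((setuid(0)) < 0)
X		eperror("setuid");
X
X	if((setgid(3)) < 0)
X		eperror("setgid");
X
X	argv++, argc--;
X#ifdef LOGFILE
X	log(username, argc, argv);
X#endif /* LOGFILE */
X	/*
X	 * NOTE(review): the command is located through the caller's PATH and
X	 * inherits the caller's whole environment unchanged.  Anyone listed
X	 * in userfile is therefore trusted completely; there is no password
X	 * prompt and no per-command restriction.
X	 */
X	execvp(*argv, argv);
X	eperror(*argv);
X}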
X
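X/*
X * wordsep - true for the characters that separate words in userfile
X * (space, tab, newline, carriage return, form feed, vertical tab)
X */
Xstatic
Xwordsep(c)
Xregister int c;
X{
X	return c == ' ' || c == '\t' || c == '\n' || c == '\r' ||
X	    c == '\f' || c == '\013';
X}
X
X/*
X * look for a user in USERFILE - check perms and modes of USERFILE
X *
X * Returns 1 if `name' appears in userfile as a complete
X * whitespace-separated word, 0 otherwise.  A word starting with '#'
X * makes the rest of that line a comment.  Exits through eperror() or
X * errexit() if the file cannot be opened, is not owned by root, or is
X * writable by group or other.
X */
Xlookup(name)
Xchar *name;
X{
X	register FILE *fp;
X	register int c, len;
X	char buf[BUFSIZ];
X	struct stat statb;
X	int toolong;
X	int found = 0;
X
X	/*
X	 * Open first, then fstat() the open descriptor: the owner and mode
X	 * checks must describe the file that is actually read, not whatever
X	 * the path pointed at a moment earlier.
X	 */
X	if ((fp = fopen(userfile,"r")) == 0 )
X		eperror(userfile);
X
X	if (fstat(fileno(fp), &statb))
X		eperror(userfile);
X
X	if (statb.st_uid != 0)
X		errexit("%s must be owned by root\n", userfile);
X
X	if (statb.st_mode & 022)	/* should be og-w */
X		errexit("bad modes on %s\n", userfile);
X
X	while (!found && (c = getc(fp)) != EOF) {
X		if (wordsep(c))
X			continue;
X
X		/* collect one word; never store past the end of buf */
X		len = 0;
X		toolong = 0;
X		do {
X			if (len < BUFSIZ - 1)
X				buf[len++] = c;
X			else
X				toolong = 1;
X		} while ((c = getc(fp)) != EOF && !wordsep(c));
X		buf[len] = '\0';
X
X		if (buf[0] == '#') {	/* munch comments */
X			while (c != EOF && c != '\n')
X				c = getc(fp);
X		}
X		/*
X		 * Whole-word comparison.  Comparing only strlen(name)
X		 * characters would authorize any login name that is a prefix
X		 * of a listed one, and an empty name would match everything.
X		 * A truncated word is never accepted as a match.
X		 */
X		else if (!toolong && strcmp(buf, name) == 0)
X			found = 1;
X	}
X
X	/* close it so the descriptor is not passed on to the command */
X	fclose(fp);
X	return found;
X}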
X
X
X/*
X * Map uid to a login name with getpwuid() and check that name against
X * the list of permitted users.
X *
X * Returns the login name when lookup() accepts it.  Returns NULL when
X * the uid has no passwd entry, or when lookup() rejects the name, in
X * which case "nope" is printed on stderr.  The returned string is the
X * pw_name member of the entry getpwuid() handed back, so the caller
X * must not free it.
X */
Xchar *
Xcheckname(uid)
Xregister int uid;
X{
X	struct passwd *entry = getpwuid(uid);
X
X	if (entry == NULL)
X		return NULL;
X	if (lookup(entry->pw_name) != 0)
X		return entry->pw_name;
X	fprintf(stderr,"nope\n");
X	return NULL;
X}
X
X#ifdef LOGFILE
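X/*
X * log this command in the log file
X *
X * Appends one line to LOGFILE: the first 20 characters of ctime() (day,
X * date and time; the year is cut off), the user name, then the command
X * and its arguments separated by spaces.  Exits through errexit() if the
X * log cannot be opened, so a command that cannot be logged is not run.
X * Returns 0.
X */
Xlog(username, argc, argv)
Xchar *username;
Xint argc;
Xchar **argv;
X{
X	register FILE *fp;
X	register char *p;
X	register int c;
X	int oldmask;
X	long now;
X	char *ctime();
X
X	time(&now);
X
X	/*
X	 * If the log does not exist yet, fopen() creates it under the
X	 * caller's umask.  Force the group/other write bits off for the
X	 * create so the audit trail cannot start out writable by everyone,
X	 * then give the command the umask the caller had.
X	 */
X	oldmask = umask(022);
X	umask(oldmask | 022);
X	fp = fopen(LOGFILE,"a");
X	umask(oldmask);
X	if (fp == NULL)
X		errexit("can't open %s.\n", LOGFILE);
X
X	fprintf (fp, "%20.20s ", ctime(&now));
X
X	fprintf (fp,"%s: ",username);
X	while (argc--) {
X		/*
X		 * Arguments come from the caller.  Control characters are
X		 * written as '?' so an embedded newline cannot start what
X		 * looks like a separate log entry.
X		 */
X		for (p = *argv++; (c = *p & 0377) != '\0'; p++)
X			putc((c < 040 || c == 0177) ? '?' : c, fp);
X		putc(' ', fp);
X	}
X	fprintf (fp,"\n");
X	/* NOTE(review): write errors (e.g. a full disk) are not detected here */
X	fclose (fp);
X	return 0;
X}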
X#endif LOGFILE
X
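X/*
X * eperror - report a failed system call and exit
X *
X * Prints "progname: s: <system error text>" on stderr, where the error
X * text is what perror() produces for the errno value on entry, then
X * exits with -1.  Does not return.
X */
Xeperror(s)
Xregister char *s;
X{
X	/*
X	 * Writing the prefix may itself change errno, which would make
X	 * perror() describe the wrong failure; keep the caller's value.
X	 */
X	int saved = errno;
X
X	fprintf(stderr,"%s: ",progname);
X	errno = saved;
X	perror(s);
X	exit(-1);
X}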
X
X/*
X * errexit - print "progname: " followed by a one-argument formatted
X * message on stderr, then exit with -1.  Does not return.
X *
X * fmt is handed to fprintf() as the format string with arg as its only
X * argument.  Every caller in this file passes a string literal for fmt;
X * text that comes from the user belongs in arg, never in fmt.
X */
Xerrexit(fmt, arg)
Xregister char *fmt, *arg;
X{
X	FILE *err = stderr;
X
X	fprintf(err, "%s: ", progname);
X	fprintf(err, fmt, arg);
X	exit(-1);
X}
//E*O*F sudo.c//

echo x - Makefile
sed -e 's/^X//' > "Makefile" << '//E*O*F Makefile//'
XCFLAGS=-O 
XLIBES=
XDESTDIR=/u1/cspencer
XINSTALL=/usr/bin/install
X
Xall: sudo
X
Xinstall all.install: sudo.install
X
Xsudo.install: sudo
X	${INSTALL} -m 4755 -o root sudo ${DESTDIR} 
X
Xsudo: sudo.o
X	cc ${CFLAGS} sudo.o -o sudo ${LIBES}
Xclean:
X	-rm -f sudo.o make.out sudo
//E*O*F Makefile//

echo x - sudo.8
sed -e 's/^X//' > "sudo.8" << '//E*O*F sudo.8//'
X.TH SUDO 8
X.SH NAME
Xsudo \- do a super thing
X.SH SYNOPSIS
X.B sudo
Xcommand
X.SH DESCRIPTION
X.I Sudo
Xallows a permitted user to execute a command as root.
X.I Sudo 
Xdetermines who is an authorized user by consulting the file
X.I sudo.users.
XIf a match is found
X.I command
Xis executed with uid 0 and gid 3.
XLines in 
X.I sudo.users
Xbeginning with a 
X.I '#'
Xare considered comments and are ignored.
X.SH DIAGNOSTICS
X.I Sudo
Xwill complain and exit if 
X.I sudo.users
Xis not owned by root or if it is writeable by anyone other than root.
X.SH BUGS
XShell builtins such as 
X.I 'cd'
Xwill fail.
X.SH FILES
X.nf
X/usr/adm/sudo.users list of authorized users
X.br
X/usr/adm/sudo.log record of all invocations of sudo
X.fi
X.SH SEE ALSO
Xsu(1)
//E*O*F sudo.8//

exit 0
-- 
cliff spencer {harvard, ihnp4, decvax}!bbnccv!cspencer  cspencer at bbncc5.arpa


