mirror of
https://github.com/rd235/cado
synced 2025-01-14 06:38:15 +01:00
fix README.md markdown syntax
parent
a3ff38e826
commit
4486b11c54
18
README.md
@ -24,7 +24,7 @@ $ sudo make install
|
|||||||
```
|
```
|
||||||
|
|
||||||
It installs two programs in /usr/local/bin: cado and caprint.
|
It installs two programs in /usr/local/bin: cado and caprint.
|
||||||
If you want to install the programs in /usr/bin run "cmake .. -DCMAKE_INSTALL_PREFIX:PATH=/usr" instead of "cmake ..".
|
If you want to install the programs in /usr/bin run "cmake .. -DCMAKE\_INSTALL\_PREFIX:PATH=/usr" instead of "cmake ..".
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
|
||||||
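Review bot: On the changed line with the cmake invocation, backslash-escaping the underscores in "cmake .. -DCMAKE\_INSTALL\_PREFIX:PATH=/usr" fixes the rendered page but leaves a command that cannot be copied from the raw README without editing. Put both commands in inline code spans instead (`cmake .. -DCMAKE_INSTALL_PREFIX:PATH=/usr` and `cmake ..`), which needs no escaping and marks them as literal input.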
@ -32,7 +32,7 @@ Cado needs a configuration file: /etc/cado.conf with the following syntax:
|
|||||||
- lines beginning with # are comments
|
- lines beginning with # are comments
|
||||||
- all the other lines have two fields separated by :, the first field is a capability or a list of
|
- all the other lines have two fields separated by :, the first field is a capability or a list of
|
||||||
capabilities, the second field is a list of users or groups (group names have @ as a prefix).
|
capabilities, the second field is a list of users or groups (group names have @ as a prefix).
|
||||||
Capabilities can be written with or without the cap_ prefix (net_admin means cap_net_admin).
|
Capabilities can be written with or without the cap\_ prefix (net\_admin means cap\_net\_admin).
|
||||||
|
|
||||||
Example of /etc/cado.conf file:
|
Example of /etc/cado.conf file:
|
||||||
```
|
```
|
||||||
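Review bot: The capability names on the changed line (cap\_, net\_admin, cap\_net\_admin) are the literal tokens an administrator types into /etc/cado.conf, so code spans fit better than backslash escapes: `cap_`, `net_admin`, `cap_net_admin`. The `:` and `@` separators in the unchanged list items above would benefit from the same treatment, since they are easy to miss in running prose.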
@ -44,8 +44,8 @@ cap_kill: renzo
|
|||||||
```
|
```
|
||||||
|
|
||||||
The file above allows the user renzo and all the members of the group named netadmin to run programs
|
The file above allows the user renzo and all the members of the group named netadmin to run programs
|
||||||
neeeding the cap_net_admin capability.
|
neeeding the cap\_net\_admin capability.
|
||||||
The user renzo can also run programs requiring cap_kill.
|
The user renzo can also run programs requiring cap\_kill.
|
||||||
The file /etc/cado.conf can be owned by root and have no rw permission for users.
|
The file /etc/cado.conf can be owned by root and have no rw permission for users.
|
||||||
|
|
||||||
|
|
||||||
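Review bot: The changed line still carries the typo "neeeding"; since the line is being rewritten anyway, correct it to "needing" in the same commit. Separately, the last context line says /etc/cado.conf "can be owned by root and have no rw permission for users"; because this file decides which users may obtain which capabilities, the sentence would be clearer worded as a recommendation (for example "should be owned by root") than as a possibility.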
@ -97,7 +97,7 @@ The syntax of cado is simple:
|
|||||||
$ cado [options] set_of_capabilities command [args]
|
$ cado [options] set_of_capabilities command [args]
|
||||||
```
|
```
|
||||||
|
|
||||||
for example if the user renzo wants to run a shell having the cap_net_admin capability enabled he can type
|
for example if the user renzo wants to run a shell having the cap\_net\_admin capability enabled he can type
|
||||||
the following command:
|
the following command:
|
||||||
```
|
```
|
||||||
$ cado net_admin bash
|
$ cado net_admin bash
|
||||||
@ -105,11 +105,11 @@ Password:
|
|||||||
$
|
$
|
||||||
```
|
```
|
||||||
|
|
||||||
the user will be requested to authenticate himself. If the user has the right to enable cap_net_admin (from the
|
the user will be requested to authenticate himself. If the user has the right to enable cap\_net\_admin (from the
|
||||||
cado.conf configuration file) and he typed in the correct password, cado starts a new shell with the requested
|
cado.conf configuration file) and he typed in the correct password, cado starts a new shell with the requested
|
||||||
capability enabled.
|
capability enabled.
|
||||||
|
|
||||||
It is possible define the set_of_capabilities using a list of capabilities (with or without the cap_prefix)
|
It is possible define the set\_of\_capabilities using a list of capabilities (with or without the cap\_prefix)
|
||||||
or exadecimal masks.
|
or exadecimal masks.
|
||||||
|
|
||||||
In the new shell the user can do all the operations permitted by the enabled capabilities,
|
In the new shell the user can do all the operations permitted by the enabled capabilities,
|
||||||
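Review bot: In the changed sentence about set\_of\_capabilities, "cap\_prefix" now reads as an identifier named cap_prefix; the Configuration section writes it as "cap\_ prefix", with a space, and this line should match. The same sentence is missing "to" ("It is possible to define") and the following context line has "exadecimal" for "hexadecimal", both worth fixing while the line is touched.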
@ -123,7 +123,7 @@ $ grep CapAmb /proc/$$/status
|
|||||||
CapAmb: 0000000000001000
|
CapAmb: 0000000000001000
|
||||||
```
|
```
|
||||||
|
|
||||||
(cap_net_admin is the capability #12, the mask is 0x1000, i.e. 1ULL << 12)
|
(cap\_net\_admin is the capability #12, the mask is 0x1000, i.e. 1ULL << 12)
|
||||||
|
|
||||||
## caprint
|
## caprint
|
||||||
|
|
||||||
@ -142,7 +142,7 @@ $ caprint -l
|
|||||||
There is an option -p that has been designed to add the current set of ambient capabilities to the shell prompt,
|
There is an option -p that has been designed to add the current set of ambient capabilities to the shell prompt,
|
||||||
so it is easier for the user to recognize when a shell has some "extra power", so to avoid errors.
|
so it is easier for the user to recognize when a shell has some "extra power", so to avoid errors.
|
||||||
|
|
||||||
In .bashrc or .bash_profile (or in their system-side counterparts in /etc) it is possible to set rules like
|
In .bashrc or .bash\_profile (or in their system-side counterparts in /etc) it is possible to set rules like
|
||||||
the followings:
|
the followings:
|
||||||
```
|
```
|
||||||
if which caprint >&/dev/null ; then
|
if which caprint >&/dev/null ; then
|
||||||
|
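Review bot: On the changed line, "system-side counterparts" looks like a typo for "system-wide", and the next context line's "the followings" should be "the following"; both can be fixed in this commit. The file names would also read better as code spans (`.bashrc`, `.bash_profile`) than with an escaped underscore.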