mirror of https://github.com/rd235/cado synced 2025-01-14 06:38:15 +01:00

fix README.md markdown syntax

Renzo Davoli 2022-06-05 11:16:50 +02:00
parent a3ff38e826
commit 4486b11c54


@ -24,7 +24,7 @@ $ sudo make install
``` ```
It installs two programs in /usr/local/bin: cado and caprint. It installs two programs in /usr/local/bin: cado and caprint.
If you want to install the programs in /usr/bin run "cmake .. -DCMAKE_INSTALL_PREFIX:PATH=/usr" instead of "cmake ..". If you want to install the programs in /usr/bin run "cmake .. -DCMAKE\_INSTALL\_PREFIX:PATH=/usr" instead of "cmake ..".
## Configuration ## Configuration
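Review bot: On the changed line about installing into /usr/bin, the cmake invocation is text the reader will copy, so a code span fits better than escaping the underscores inside double quotes: `cmake .. -DCMAKE_INSTALL_PREFIX:PATH=/usr`. With the backslash form, anyone reading README.md as plain text sees `-DCMAKE\_INSTALL\_PREFIX`, which is not the option name as it should be typed.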
@ -32,7 +32,7 @@ Cado needs a configuration file: /etc/cado.conf with the following syntax:
- lines beginning with # are comments - lines beginning with # are comments
- all the other lines have two fields separated by :, the first field is a capability or a list of - all the other lines have two fields separated by :, the first field is a capability or a list of
capabilities, the second field is a list of users or groups (group names have @ as a prefix). capabilities, the second field is a list of users or groups (group names have @ as a prefix).
Capabilities can be written with or without the cap_ prefix (net_admin means cap_net_admin). Capabilities can be written with or without the cap\_ prefix (net\_admin means cap\_net\_admin).
Example of /etc/cado.conf file: Example of /etc/cado.conf file:
``` ```
@ -44,8 +44,8 @@ cap_kill: renzo
``` ```
The file above allows the user renzo and all the members of the group named netadmin to run programs The file above allows the user renzo and all the members of the group named netadmin to run programs
neeeding the cap_net_admin capability. neeeding the cap\_net\_admin capability.
The user renzo can also run programs requiring cap_kill. The user renzo can also run programs requiring cap\_kill.
The file /etc/cado.conf can be owned by root and have no rw permission for users. The file /etc/cado.conf can be owned by root and have no rw permission for users.
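Review bot: The modified line "neeeding the cap\_net\_admin capability." still carries the typo "neeeding"; since this line is being rewritten anyway, change it to "needing" in the same commit.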
@ -97,7 +97,7 @@ The syntax of cado is simple:
$ cado [options] set_of_capabilities command [args] $ cado [options] set_of_capabilities command [args]
``` ```
for example if the user renzo wants to run a shell having the cap_net_admin capability enabled he can type for example if the user renzo wants to run a shell having the cap\_net\_admin capability enabled he can type
the following command: the following command:
``` ```
$ cado net_admin bash $ cado net_admin bash
@ -105,11 +105,11 @@ Password:
$ $
``` ```
the user will be requested to authenticate himself. If the user has the right to enable cap_net_admin (from the the user will be requested to authenticate himself. If the user has the right to enable cap\_net\_admin (from the
cado.conf configuration file) and he typed in the correct password, cado starts a new shell with the requested cado.conf configuration file) and he typed in the correct password, cado starts a new shell with the requested
capability enabled. capability enabled.
It is possible define the set_of_capabilities using a list of capabilities (with or without the cap_prefix) It is possible define the set\_of\_capabilities using a list of capabilities (with or without the cap\_prefix)
or exadecimal masks. or exadecimal masks.
In the new shell the user can do all the operations permitted by the enabled capabilities, In the new shell the user can do all the operations permitted by the enabled capabilities,
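Review bot: In the changed line "(with or without the cap\_prefix)" the escape now renders as "cap_prefix", which reads as a single identifier; the earlier hunk at line 32 writes it as "cap\_ prefix", so add the space here to match. The two lines around it also still read "It is possible define" and "exadecimal masks", which could be corrected to "It is possible to define" and "hexadecimal masks" while the paragraph is being edited.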
@ -123,7 +123,7 @@ $ grep CapAmb /proc/$$/status
CapAmb: 0000000000001000 CapAmb: 0000000000001000
``` ```
(cap_net_admin is the capability #12, the mask is 0x1000, i.e. 1ULL << 12) (cap\_net\_admin is the capability #12, the mask is 0x1000, i.e. 1ULL << 12)
## caprint ## caprint
@ -142,7 +142,7 @@ $ caprint -l
There is an option -p that has been designed to add the current set of ambient capabilities to the shell prompt, There is an option -p that has been designed to add the current set of ambient capabilities to the shell prompt,
so it is easier for the user to recognize when a shell has some "extra power", so to avoid errors. so it is easier for the user to recognize when a shell has some "extra power", so to avoid errors.
In .bashrc or .bash_profile (or in their system-side counterparts in /etc) it is possible to set rules like In .bashrc or .bash\_profile (or in their system-side counterparts in /etc) it is possible to set rules like
the followings: the followings:
``` ```
if which caprint >&/dev/null ; then if which caprint >&/dev/null ; then
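Review bot: The changed line "(or in their system-side counterparts in /etc)" probably means "system-wide", and the next line "the followings:" should read "the following:"; both are worth fixing alongside the underscore escape. File names such as .bashrc and .bash\_profile would also be clearer as code spans, which removes the need for the backslash.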