mirror of https://github.com/rd235/cado
90 lines
3.0 KiB
Groff
90 lines
3.0 KiB
Groff
.TH CADO 1 "June 23, 2016" "VirtualSquare Labs"
|
|
.SH NAME
|
|
cado \- Capability Ambient DO
|
|
.SH SYNOPSIS
|
|
.B cado
|
|
[
|
|
.I OPTIONS
|
|
]
|
|
.I capability_list
|
|
[
|
|
.I command
|
|
[
|
|
.I args
|
|
]
|
|
]
|
|
|
|
.SH DESCRIPTION
|
|
Cado permits to delegate capabilities to users.
|
|
Cado is a capability based sudo. Sudo allows authorized users to run programs as root (or as another user),
|
|
cado allows authorized users to run programs with specific (ambient) capabilities.
|
|
|
|
Cado is more selective than sudo, users can be authorized to have only specific capabilities (and not others).
|
|
|
|
\fIcapability_list\fR is a comma separated list of capability names or capability masks (exadecimal numbers).
|
|
For brevity, the \fBcap_\fR prefix of capability names can be omitted (e.g. \fBnet_admin\fR and \fBcap_net_admin\fR
|
|
have the same meaning).
|
|
|
|
If it is allowed for the current user to run processes with the requested capabilities, the user is asked to
|
|
type their password (or to authenticate themselves as required by pam unless \fB-S\fR or \fB--scado\fR).
|
|
Once the authentication succeeds, \fBcado\fR executes the command granting the required ambient capabilities.
|
|
|
|
If \fIcommand\fR is omitted cado launch the command specified in the environment
|
|
variable $SHELL.
|
|
|
|
The file /etc/cado.conf (see \fBcado.conf\fR(5)) defines which capabilities can be provided by \fBcado\fR to each user.
|
|
Cado itself is not a setuid executable, it uses the capability mechanism and it has an option to
|
|
set its own capabilities. So after each change in the /etc/cado.conf, the capability set should be
|
|
recomputed by root using the command \fBcado -s\fR or \fBcado --setcap\fR.
|
|
|
|
When \fBcado\fR runs is scado mode (by the option \fB-S\fR or \fB--scado\fR), if
|
|
.br
|
|
\ \ - the current user is allowed to run processes with the requested capabilities,
|
|
.br
|
|
\ \ - the \fBcommand\fR argument is an absolute pathname and
|
|
.br
|
|
\ \ - there is a specific authorization line in the user's scado file,
|
|
.br
|
|
\fBcado\fR runs the command granting the required ambient capabilities without any further authentication request
|
|
(it does not prompt for a password).
|
|
.SP 2
|
|
|
|
.SH OPTIONS
|
|
.I cado
|
|
accepts the following options:
|
|
.TP
|
|
\fB\-v
|
|
.TQ
|
|
\fB\-\-verbose
|
|
run in verbose mode. \fBcado\fR shows the set of allowed capabilities, requested cababilities, unavailable capabilities and
|
|
(in case of -s) the set of capabilities assigned to \fBcado.conf\fR itself.
|
|
.TP
|
|
\fB\-f
|
|
.TQ
|
|
\fB\-\-force
|
|
do not fail in case the user asks for unavailable capabilities, \fBcado\fR in this case grants the intersection between the
|
|
set of requested cababilities and the set of allowed capabilities
|
|
.TP
|
|
\fB\-s
|
|
.TQ
|
|
\fB\-\-setcap
|
|
\fBcado\fR computes the miminal set of capability required by itself and sets the file capability of the cado executable.
|
|
.TP
|
|
\fB\-S
|
|
.TQ
|
|
\fB\-\-scado
|
|
launch \fBcado\fR with \fBscado\fR(1) support. \fIcommand\fR must be an absolute pathname and a specific authorization line must
|
|
appear in the user's scado file.
|
|
.TP
|
|
\fB\-h
|
|
.TQ
|
|
\fB\-\-help
|
|
print a short usage banner and exit.
|
|
|
|
.SH SEE ALSO
|
|
\fBcado.conf\fR(5),
|
|
\fBcaprint\fR(1),
|
|
\fBscado\fR(1),
|
|
\fBcapabilities\fR(7)
|
|
|