You are not logged in.

#1 2020-11-02 19:32:38

edneville
Member
Registered: 2020-11-02
Posts: 1

pleaser, a sudo clone with regex all over the place in rust

Hello,

Not sure if this is the right place to announce this.

I've wanted regex in sudo for a long time, but it hasn't been accepted, the PR went stale. However, as I have to make rather cumbersome rules for subsets of commands, I thought, why not do something new that covers what I need and I came up with this.

https://aur.archlinux.org/packages/pleaser/

The idea is that a sysadmin (you) can delegate some access, such as this:

[docker_run]
name=ed
target=root
regex = ^(/usr)?/bin/docker\s+run\s+-it\s+(--rm)?\s+(archlinux|debian|fedora|oraclelinux):latest\s+/bin/bash
require_pass=false
$ please docker run -it --rm archlinux:latest /bin/bash

Whilst this would be disallowed, since you probably don't want to allow a container to modify /etc/shadow:

$ please docker run -it --rm -v /etc:/etc:rw oraclelinux:6-latest /bin/bash

I've written it in rust for various reasons and, well unittests.

Issues and PRs welcome (https://gitlab.com/edneville/please), would be great to hear from others.

Last edited by edneville (2020-11-02 19:48:35)

Offline

#2 2020-11-03 17:38:15

dmerej
Member
From: Paris
Registered: 2016-04-09
Posts: 93
Website

Re: pleaser, a sudo clone with regex all over the place in rust

Would be nice not to have to mess around with `sudo's` ah-hoc syntax anymore - this is a nice improvement I think. Thanks for sharing


Responsible Coder, Python Fan, Rust enthusiast

Offline

Board footer

Powered by FluxBB