https://github.com/LeChatP/RootAsRole

A memory-safe and security-oriented alternative to sudo/su commands
https://github.com/LeChatP/RootAsRole

capabilities linux rbac rust su sudo

Last synced: 8 months ago
JSON representation

A memory-safe and security-oriented alternative to sudo/su commands

• Host: GitHub
• URL: https://github.com/LeChatP/RootAsRole
• Owner: LeChatP
• License: gpl-3.0
• Created: 2018-08-28T14:35:23.000Z (over 7 years ago)
• Default Branch: main
• Last Pushed: 2024-05-22T12:19:20.000Z (almost 2 years ago)
• Last Synced: 2024-05-22T12:48:05.643Z (almost 2 years ago)
• Topics: capabilities, linux, rbac, rust, su, sudo
• Language: Rust
• Homepage: https://lechatp.github.io/RootAsRole/
• Size: 5.49 MB
• Stars: 123
• Watchers: 8
• Forks: 6
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • License: LICENSE
  • Security: SECURITY.md

Awesome Lists containing this project

• fucking-awesome-rust - LeChatP/RootAsRole - A better alternative to sudo(-rs)/su • ⚡ Blazing fast • 🛡️ Memory-safe • 🔐 Security-oriented    (Applications / Security tools)
• awesome-rust - LeChatP/RootAsRole - A better alternative to sudo(-rs)/su • ⚡ Blazing fast • 🛡️ Memory-safe • 🔐 Security-oriented    (Applications / Security tools)
• awesome-rust-with-stars - LeChatP/RootAsRole - rs)/su • ⚡ Blazing fast • 🛡️ Memory-safe • 🔐 Security-oriented | 2026-01-22 | (Applications / Security tools)

README

          




  

 

 


  







 



# RootAsRole (V3.1.1) — A better alternative to `sudo(-rs)`/`su` • ⚡ Blazing fast • 🛡️ Memory-safe • 🔐 Security-oriented

RootAsRole is a Linux/Unix privilege delegation tool based on **Role-Based Access Control (RBAC)**. It empowers administrators to assign precise privileges — not full root — to users and commands.

**[📚 Full Documentation for more details](https://lechatp.github.io/RootAsRole/)**

## 🚀 Why you need RootAsRole?

Most Linux systems break the [Principle of Least Privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege). Tools like `sudo` give **full root**, even if you just need one capability like `CAP_NET_RAW`.

RootAsRole solves this:

- Grants **only the required capabilities**

- Uses **roles and tasks** to delegate rights securely

- Better than `sudo`, `doas`, `setcap`, or `pam_cap`, see Comparison table below

## ⚙️ Features

* [A structured access control model based on Roles](https://dl.acm.org/doi/10.1145/501978.501980)

  * [Role hierarchy](https://dl.acm.org/doi/10.1145/501978.501980)

  * [Static/Dynamic Separation of Duties](https://dl.acm.org/doi/10.1145/501978.501980)

* [Linux Capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) support

* [Highly configurable](https://lechatp.github.io/RootAsRole/chsr/file-config.html)

* Command matching with [glob](https://docs.rs/glob/latest/glob/) for binary path and [PCRE2](https://www.pcre.org/) for command arguments

* 🛠️ Configuration Helpers:

   * [capable](https://github.com/LeChatP/RootAsRole-capable): Analyze command rights

   * [gensr](https://github.com/LeChatP/RootAsRole-gensr): Generate policy from Ansible playbooks

## 📊 Why It’s Better Than Others

| Feature                                  | setcap??          | doas       | sudo                           | sudo-rs                       | sr (RootAsRole)                                          |

|------------------------------------------|-------------------|------------|--------------------------------|--------------------------------|----------------------------------------------|

| **Change user/groups**                   | N/A               | ✅  | ✅ | ✅ | ✅✅ mandatory or optional                       |

| **Environment variables**                | N/A               | partial  | ✅ | partial                     | ✅                                    |

| **Specific command matching**            | N/A               | strict | strict & regex            | strict & wildcard            | strict & regex                       |

| **Centralized policy**                   | ❌                | ❌         | ✅                    | ❌                            | Planned                                          |

| **Secure signal forwarding**             | N/A               | ❌         | ✅                            | ✅                            | Planned                                      |

| **Set capabilities**                     | ⚠️ files     | ❌         | ❌                             | ❌                            | ✅                                 |

| **Prevent direct privilege escalation**  | ❌                | ❌         | ❌                             | ❌                            | ✅                         |

| **Untrust authorized users**             | ❌                | ❌         | ❌                             | ❌                            | ✅                   |

| **Standardized policy format**       | ❌                | ❌     | ❌                         | ❌                        | ✅                                   |

| **Scalable access control model**        | N/A               | ❌ ACL        | ❌ ACL                            | ❌ ACL                           | ✅ RBAC                                         |

## 📥 Installation

### 🔧 From Source

### Prerequisites

* [Rust](https://www.rust-lang.org/tools/install) >= 1.76.0

  * You can install Rust by running the following command:

    ```sh

    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

    ```

    (Do not forget to add the cargo bin directory to your PATH with `. "$HOME/.cargo/env"` command)

* [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)

  * You can install git by running the following commands depending on your distribution:

    Ubuntu : `sudo apt-get install git`, RedHat : `sudo yum install git`, ArchLinux : `sudo pacman -S git`

* [clang](https://clang.llvm.org/get_started.html) (or gcc, but clang is highly recommended)

  * You can install clang by running the following commands depending on your distribution:

    Ubuntu : `sudo apt-get install clang`, RedHat : `sudo yum install clang`, ArchLinux : `sudo pacman -S clang`

### Install Steps

> [!WARNING]

> **This installation process configures RaR with all privileges for the user who install the program. See [what it does](https://lechatp.github.io/RootAsRole/guide/installation.html#what-does-the-installation-script-do).**

>  1. `git clone https://github.com/LeChatP/RootAsRole`

>  1. `cd RootAsRole`

>  1. `cargo xtask install -bip sudo`

### Install from Linux distributions

**We really need your help to bring the project to Linux distributions repositories! Please contribute 🙏!**

## 🧰 Usage


Execute privileged commands with a role-based access control system


Usage: sr [OPTIONS] [COMMAND]...

Arguments:

  [COMMAND]...  Command to execute

Options:

  -r, --role <ROLE>  Role to select

  -t, --task <TASK>  Task to select (--role required)

  -u, --user <USER>  User to execute the command as

  -g, --group <GROUP<,GROUP...>> Group(s) to execute the command as

  -E, --preserve-env          Keep environment variables from the current process

  -p, --prompt <PROMPT> Prompt to display

  -i, --info         Display rights of executor

  -h, --help         Print help (see more with '--help')

  -V, --version      Print version



If you're accustomed to utilizing the sudo tool and find it difficult to break that habit, consider creating an alias : 

```sh

alias sudo="sr"

```

## 🏎️ Performance

RootAsRole **3.1.0** introduced **CBOR** support, significantly boosting performance:

- ⚡ **77% faster** than `sudo` when using a single rule

- 📈 **Scales 40% better** than `sudo` as more rules are added

[![Performance comparison](https://github.com/LeChatP/RaR-perf/raw/main/result_25-07-04_15.44.png)](https://github.com/LeChatP/RaR-perf)

> 📝 sudo-rs matches sudo performance but crashes with >100 rules ([won’t fix for now](https://github.com/trifectatechfoundation/sudo-rs/issues/1192))

### Why Performance Matters

When using **Ansible** (or any automation tool), every task that uses `become: true` will invoke `sr` on the target host.

With **RootAsRole (RaR)**, each role and task introduces additional access control logic --- this doesn’t slow you down.

💡 **Here’s the reality**: You can reach the performance of **1 `sudo` rule** with **~4000 RaR rules**.

That means:

- You can define thousands of fine-grained rules

- You **enforce better security** (POLP) without degrading performance

- The system stays **fast, even at scale**

## 🧱 Configuration

Use the `chsr` command to:

* Define roles and tasks

* Assign them to users or groups

More information in the [documentation](https://lechatp.github.io/RootAsRole/chsr/file-config.html)

Use the [capable](https://github.com/LeChatP/RootAsRole-capable) command to:

* Analyze specific command rights

* Generate "credentials" task structure

Use [gensr](https://github.com/LeChatP/RootAsRole-gensr) for Ansible to:

* Auto-generate security policies for your playbooks

* Detect supply chain attacks by reviewing the generated policy

## ✅ Compatibility

* Linux kernel >= 4.3

## 👥 Contributors

* Eddie Billoir : 

* Ahmad Samer Wazan : 

* Romain Laborde : 

* Rémi Venant: 

* Guillaume Daumas : 

## 🖼️ Logo

This logo were generated using DALL-E 2 AI, for any license issue or plagiarism, please note that is not intentionnal and don't hesitate to contact us.

## 📜 Licence notice

This project includes [sudo-rs](https://github.com/memorysafety/sudo-rs) code licensed under the Apache-2 and MIT licenses: 

We have included cutils.rs, securemem.rs to make work the rpassword.rs file. Indeed, We thought that the password was well managed in this file and we have reused it. As sudo-rs does, rpassword.rs is from the rpassword project (License: Apache-2.0). We use it as a replacement of the rpassword project usage.

## 🧪 Sponsored research

This project was initiated by **IRIT** and sponsored by both **IRIT** and **Airbus PROTECT** through an industrial PhD during 2022 and 2025.

## [Link to References](https://lechatp.github.io/RootAsRole/bibliography.html)