Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/schctl/mk

Privilege management for *nix systems
https://github.com/schctl/mk

privileges rust sudo

Last synced: 5 days ago
JSON representation

Privilege management for *nix systems

Host: GitHub
URL: https://github.com/schctl/mk
Owner: schctl
License: mit
Created: 2023-10-16T12:14:46.000Z (about 1 year ago)
Default Branch: main
Last Pushed: 2023-10-16T12:15:20.000Z (about 1 year ago)
Last Synced: 2024-12-23T08:19:33.022Z (11 days ago)
Topics: privileges, rust, sudo
Language: Rust
Homepage:
Size: 151 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # mk (^∇^)-b

`mk` is a tool to run commands as another user. It is similar to [`doas`](https://github.com/Duncaen/OpenDoas) or [`sudo`](https://github.com/sudo-project/sudo).

---

## Building `mk`

### Requirements

- Rust 1.56+

- A C compiler

- [Bindgen requirements](https://rust-lang.github.io/rust-bindgen/requirements.html)

### Feature flags

| Flag     | Description                                                                                                                     |

| -------- | ------------------------------------------------------------------------------------------------------------------------------- |

| `pam`    | Builds with for authentication using [`PAM`](https://en.wikipedia.org/wiki/Pluggable_authentication_module) (requires `libpam`) |

| `shadow` | Builds with support for authentication using the shadow password database                                                       |

## Configuration

`mk` searches for rules defined in `/etc/mk.conf`, configured in the [`TOML`](https://toml.io/en/) format.

### Minimal configuration

```toml

[policies.default.permits]

all-targets = true

[groups]

wheel = "default"

```

### A more detailed example

```toml

# A policy defines how `mk` behaves

[policies]

# Definitions for a policy named "default"

[policies.default]

# Permitted actions

[policies.default.permits]

# Allow executing actions as all users

# Default: false

all-targets = false

# Users that this policy allows executing actions as

# Default: (empty)

targets = [

    "root"

]

# Runtime behavior

[policies.default.session]

# Allow users of this policy to execute actions without authentication

# Default: false

no-auth = false

# Inactive duration after which a user will need to be re-authenticated

# Default: -1 (no timeout) - the user will be re-authenticated each time

refresh = 5 # minutes

# A more restricted policy

[policies.restricted]

# Policy for groups

[groups]

wheel = "default"

# Policy to use for each user

[users]

# Dummy will use the restricted policy even if they

# are part of the wheel group

dummy = "restricted"

```

---

### Disclaimer

I am not an expert, and this project is still very early in development. Don't use this anywhere except for testing.

### License

`mk` and all its crates are distributed under the terms of the MIT license. See [LICENSE](LICENSE) for more information.