User privilege escalator similar to sudo, but more suckless
git clone
Log | Files | Refs | README | LICENSE (2619B)

      1 # Dop
      3 Dop is a minimal privilege escalation program, with functionality similar to
      4 sudo(1) and doas(1). What sets Dop apart is that it aims to be as minimal and as
      5 simple as possible, only providing basic functionality (which is all that most
      6 people need anyway). Dop stands for "DO Plus", or "suDO Plus" if you want;
      7 although Dop does significantly less than sudo.
      9 sudo is a huge program, and that's because it has a lot of features. For
     10 administrators of large servers with lots of users who should have varying
     11 privileges, sudo is a useful tool. However, for users of personal computers or
     12 admins of small personal servers, sudo is overkill. Its scale means it has a
     13 large attack surface, and it provides features that very few people actually
     14 use. doas is better in this regard, but it is still more complex than a program
     15 like it needs to be for most people.
     17 Dop takes a different approach. It provides functionality for select users and
     18 groups to run commands as other users and groups, and that's it. The program is
     19 configured at compile-time by modifying the `config.h` header file. The comments
     20 within `config.h` document all there is to know about the little configuration
     21 Dop offers. If you need something more, then Dop probably isn't for you.
     23 ## Building/Compiling/Installing/whatever
     25 ### Requirements
     26 * A C compiler compatible with C89 (or any later revision)
     27 * The `crypt` library and `crypt.h` include header: if you're using a
     28   POSIX-compliant system, you already have this. If you're not using a
     29   POSIX-compliant system, Dop probably won't work for you anyways
     31 ### Do the thing
     32 1. Clone this repo.
     33 2. Modify `config.h` to your needs.
     34 3. Modify `./` to your needs. It's just a crappy shell script that
     35    compiles the program, and performs other needed tasks. It may need to be
     36    modified depending on, for example, where you want the binary to be on your
     37    filesystem.
     38 4. Run `./ release` *as root*. You can either use an existing tool like
     39    `sudo` or `doas` for this step, or just log in as root with `su`.
     41 ## Roadmap
     42 Currently, there's no way to specify which programs Dop is permitted to execute.
     43 As such, Dop will execute anything, which may be unwanted. I'm considering
     44 adding options to `config.h` that limit this behavior: i.e. allow setting a
     45 predefined `PATH` (as opposed to using `execvp`), and blocklisting certain
     46 binaries. I currently don't have a use for this, so I'll get to it when I get to
     47 it.
     49 ## Contributing and Reporting Bugs
     50 If you find a bug or something else worth addressing, or you have a patch, send
     51 me an email at sebastian at sebsite dot pw. :)