XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

This document is largely out of date, but left for historical interest.

Alec Thomas, 08/06/2005

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Op is a tool for allowing users to run root privileged commands
without the root password. It is described in detail in "Op: A Flexible
Tool for Restricted Superuser Access" by Tom Christiansen. From this
description Dave Koblas produced an implementation of op in C. Tom's
original paper is included in this distribution in the file
"op.paper". Differences between that design and the current
implementation are noted in the file "op.changes".

I first came into contact with op at Octel in 1992. Over the years I
added a couple of things, and ported it to architectures Octel cared
about. Those included SunOS 4.1.x, Solaris 2.2 and greater, AIX,
HP-UX 9.x, BSDI 1.1 and Linux 1.x. I added support for SecurID access
control from Security Dynamics. This particular code has only been
tested under SunOS and Solaris. I also enhanced the syslog code so it
would log the command parameters that op executes as well as the
command name. Support for Solaris shadow passwords was also added.

I left Octel in 1996, and paid little attention to op for over a
year. Recently, I had a need for op on Linux 2.0. I had to tweak the
shadow password implementation to get it to work. While I was at it I
cleaned up some of the logging code. It seems to work quite well on
Linux. I've tried hard not to break other platforms with my mods, so
they probably still work too. 8). I will test this code on any platform
I need to use it on. If you have ported or built this code on other
platforms, I'd like to hear from you. You can reach me via email at
hbo@egbok.com. I'll try to help out with bugs time permitting.


**** Disclaimer ****

This code has been extensively tested only on the Sun
architectures. We have noticed no egregious bugs on those platforms,
but that's no guarantee such bugs don't exist. That goes double for
the non-Sun architectures where testing has involved building,
installing and running "op sh" once or twice.

To build op, edit defs.h to point OP_ACCESS at the full pathname of
your op.access file. You can study the sample file included with the
distribution to get an idea of its semantics. Next, edit the Makefile
and remove comments from the lines appropriate to your
architecture.

If you have shadow passwords, define the USE_SHADOW symbol to build in
Solaris style shadow support. This also works on Linux 2.0.30. Shadow
passwords on other architectures have not been tested and are not
supported. If you successfully port op to another platform's shadow
password implementation, send me the diffs, and I'll try to roll them
into the main distribution.

If you have the Security Dynamics ACE server software,
uncomment the lines pertaining to SECURID. Define SECURIDLIBDIR and
SECURIDINC to point at where the sdiclient library and the ACE
header files live, respectively. The keyword "securid" in op.access
will enable the client code. Each host that runs op in this mode must
be configured as a client in the ACE server's database.

After that, a simple make in the source directory should build op. To
test op, the executable must be setuid root, and the op.access file
must reside at the place OP_ACCESS points to.
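The two install requirements above (a setuid root binary, op.access at the OP_ACCESS path) can be verified with a short POSIX sh check. This is an added example, not part of the op distribution; it assumes the binary and access-file paths are passed as arguments, and it additionally refuses an op.access that is writable by anyone but its owner, since op runs the commands listed there as root.

```shell
#!/bin/sh
# Added example (not part of op): sanity-check an op installation.
# Usage: check_op_install /path/to/op /path/to/op.access [expected_uid]
# expected_uid defaults to 0 (root). Exit status 0 means every check
# passed; each failed check is reported on stderr.
check_op_install() {
    bin=$1 acc=$2 want_uid=${3:-0} rc=0

    if [ ! -f "$bin" ]; then
        echo "op binary not found: $bin" >&2; return 1
    fi
    if [ ! -f "$acc" ]; then
        echo "op.access not found at the OP_ACCESS path: $acc" >&2; return 1
    fi

    # ls -ln: field 1 is the mode string, field 3 the numeric owner uid.
    set -- $(ls -ldn "$bin")
    case $1 in
        ???s*) ;;   # 4th character 's': setuid bit set and owner-executable
        *) echo "$bin is not setuid (mode $1)" >&2; rc=1 ;;
    esac
    [ "$3" -eq "$want_uid" ] || {
        echo "$bin is owned by uid $3, expected uid $want_uid" >&2; rc=1; }

    set -- $(ls -ldn "$acc")
    case $1 in
        ?????w*|????????w*)   # 6th char: group write, 9th char: other write
            echo "$acc is writable by group or others (mode $1)" >&2; rc=1 ;;
    esac
    [ "$3" -eq "$want_uid" ] || {
        echo "$acc is owned by uid $3, expected uid $want_uid" >&2; rc=1; }

    return $rc
}
```

Run it after installing, e.g. `check_op_install /usr/local/bin/op /etc/op.access`, using the same path you compiled into OP_ACCESS.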

I'm grateful to Tom Christiansen and Dave Koblas for the original
design and implementation of op. I'm also grateful to all those folks
who, like Tom and Dave, have made my life easier by giving away
marvelous, useful source code. I'm happy to give a little bit back, at
long last.

/* +-------------------------------------------------------------------+ */
/* | Copyright 1991, David Koblas.                                     | */
/* | Permission to use, copy, modify, and distribute this software     | */
/* | and its documentation for any purpose and without fee is hereby   | */
/* | granted, provided that the above copyright notice appear in all   | */
/* | copies and that both that copyright notice and this permission    | */
/* | notice appear in supporting documentation. This software is       | */
/* | provided "as is" without express or implied warranty.             | */
/* +-------------------------------------------------------------------+ */

Ditto for my contributions which are Copyright (C) 1995, 1997 by
Howard Owen. (hbo@egbok.com)

And again for contributions by me, Alec Thomas (alec@swapoff.org),
Copyright (C) 2002-2005.