cado(1) allows the system administrator to delegate capabilities to users. Users can grant a subset of
these ambient capabilities to trusted programs. Each user can define their own list of trusted programs
and which capabilities to grant, using a scado file. cado -S or cado --scado run those trusted programs
without any further authentication. In this way it is also possible to run programs requiring specific
capabilities within a bash script.
Scado is the command a user can run to create, edit, check or delete their own scado file.
Each line of a scado file has the following syntax:
path_of_the_executable_file:capability_list
or
path_of_the_executable_file:capability_list:sha256_digest_of_the_executable
(See the EXAMPLES section at the end of the man page for more information. Everything on a line
following a # sign is a comment.)
The path_of_the_executable_file must be absolute.
The capability_list is a comma separated list of capability names or capability masks. For brevity, the
cap_ prefix of capability names can be omitted (e.g. net_admin and cap_net_admin have the same meaning).
The sha256_digest_of_the_executable prevents TOCTTOU attacks. When a user wants to run the file at
path_of_the_executable_file granting it some of the capabilities in the capability_list, the permission
is denied if its sha256 digest does not match sha256_digest_of_the_executable.
If there are only two colon (:) separated fields in a line, it means that the user trusts a priori the
integrity of the file whose pathname is path_of_the_executable_file. It can be, for example, a program
in /bin or /usr/bin not modifiable by users.
If there are three fields (i.e. two colon characters), it means that the user wants the cryptographic
digest check on the executable file integrity. When a user edits their scado file, if the field
(sha256_digest_of_the_executable) is empty, scado computes it automatically when the scado file is saved.
Scado asks for user authentication by PAM to confirm any modification of the scado file.
There is also a TOCTTOU protection at running time: cado -S copies the executable file in a safe place,
where the user cannot change it, and runs it only if the integrity check on it succeeds. The user (or a
malicious intruder acting as the user) cannot modify the file after the integrity check has completed and
before the program is loaded.
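The following checker, added here as an illustration and not part of cado or scado themselves, parses scado lines with the two- and three-field syntax described above (comments, absolute path, cap_ prefix normalisation, optional sha256 field) and applies the digest rule at "run time"; demo_toctou() shows why the recorded digest stops working once the file is replaced. The file names and contents it creates are constructed for the example.

```python
import hashlib
import os
import re
import tempfile

def normalize_cap(cap):
    """net_admin and cap_net_admin are the same capability; numeric masks are kept as written."""
    cap = cap.strip().lower()
    if re.fullmatch(r"0x[0-9a-f]+|[0-9]+", cap):
        return cap
    return cap if cap.startswith("cap_") else "cap_" + cap

def parse_scado_line(line):
    """Return (path, caps, digest) for a rule line, None for blank or comment-only lines.
    digest is None for two-field lines and '' when the third field is left empty."""
    line = line.split("#", 1)[0].strip()        # everything after '#' is a comment
    if not line:
        return None
    fields = line.split(":")
    if len(fields) not in (2, 3):
        raise ValueError("expected 2 or 3 colon-separated fields: %r" % line)
    path = fields[0]
    caps = [normalize_cap(c) for c in fields[1].split(",") if c.strip()]
    if not os.path.isabs(path) or not caps:
        raise ValueError("absolute path and non-empty capability list required: %r" % line)
    digest = fields[2].strip().lower() if len(fields) == 3 else None
    if digest and not re.fullmatch(r"[0-9a-f]{64}", digest):
        raise ValueError("malformed sha256 digest: %r" % line)
    return path, caps, digest

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def run_allowed(rule):
    """Two-field rules trust the file a priori; three-field rules need a matching current digest."""
    path, _caps, digest = rule
    return True if digest is None else (digest != "" and sha256_of(path) == digest)

def demo_toctou():
    """Record a constructed executable's digest in a rule, then replace the file: (before, after)."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "tool")              # constructed fake executable, not a real program
        with open(exe, "wb") as f:
            f.write(b"#!/bin/sh\necho original\n")
        rule = parse_scado_line("%s:net_admin:%s" % (exe, sha256_of(exe)))
        before = run_allowed(rule)
        with open(exe, "wb") as f:                 # file replaced after the digest was recorded
            f.write(b"#!/bin/sh\necho tampered\n")
        return before, run_allowed(rule)
```

An empty third field is reported as '' rather than filled in, mirroring that scado computes the digest only when the file is saved.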