Feb 13, 2002 MSU 1

NAME

msudir - Convenient access to setuid scripts

SYNOPSIS

msudir directory/cmd [args]

DESCRIPTION

msudir allows enabled users to easily manage 'setuid' scripts and binaries. A directory containing scripts or other executables is created inside the basedir for each destination user. Any user is then able to invoke the script 'bob' in the directory 'jo' via 'msudir jo/bob'. The script will be run under the uid and primary gid of the destination user. (All other group memberships are revoked). If the destination user cannot read the current working directory it is set to '/'.

Configuration is specified in msudir.conf.

The basedir must be owned by root and not writable by any other user. Each directory inside the basedir and files inside must be owned by the destination user or root, and also not writable by any other user.

FILE FORMAT

The msudir.conf contains lines of the form 'key = value'. If a line contains a '#' the rest of that line is ignored. Options after a [tag] line will only apply to a directory named 'tag', and will override any global options. Valid directives are:

basedir: Base directory containing user directories and commands. Default: /usr/local/msudir.
dirmatchuser: Directory names must match user names. Default: true.
fromgroup: If set the source process must be running under this real or effective group id, or have it in its current group access list. Default: unset.
path: PATH setting for all commands. Default: (spaces introduced for legibility) /usr/local/bin: /usr/local/sbin: /usr/pkg/bin: /usr/pkg/sbin: /usr/bin: /usr/sbin: /bin: /sbin: /usr/games: /usr/X11R6/bin
rootdir: If a directory is to contain setuid root scripts, the directory name must match rootdir. Default: no match
scriptsonly: Only permit files that start with '#!'. Default: false.

Boolean variables (those that default to 'true' or 'false') can be set to any of 'false', 'off', 'no', '0', or 'true', 'on', 'yes' and '1'.

FILES

${PREFIX}/etc/msudir.conf

ENVIRONMENT

msudir alters the following environment variables:

IFS: Unset
OLD_USER: Set to the previous value of USER.
PATH: Set to the value in msudir.conf (or default).
USER: Set to the username of the destination user.

msudir also sanitises all environment variables and arguments replacing everything except alphanumeric and "#%'+,-./:=@_ with spaces, and removes LD_PRELOAD and similar variables.

EXAMPLES

Sample msudir.conf file:


# common defines
dirmatchuser = 1
basedir=/usr/local/msudir
     
# special options for one directory
[flinge]
dirmatchuser = 0
fromgroup = flenge
path=/bin:/usr/bin:/sbin:/usr/sbin

AUTHORS

David Brownlee .

CAVEATS

While msudir does attempt to sanitise the environment and arguments passed it does not remove the need to write scripts that treat their input carefully.