|
Name |
|
Date |
Size |
#Lines |
LOC |
| .. | | 03-May-2022 | - |
| build-aux/ | H | 12-Apr-2017 | - | 5,134 | 4,142 |
| contrib/ | H | 12-Apr-2017 | - | 3,559 | 2,806 |
| m4/ | H | 12-Apr-2017 | - | 1,685 | 1,591 |
| .gitignore | H A D | 12-Apr-2017 | 170 | 20 | 19 |
| .travis.yml | H A D | 12-Apr-2017 | 169 | 11 | 7 |
| AUTHORS | H A D | 12-Apr-2017 | 168 | 5 | 4 |
| COPYING | H A D | 12-Apr-2017 | 1.2 KiB | 21 | 18 |
| ChangeLog | H A D | 12-Apr-2017 | 8.1 KiB | 225 | 177 |
| INSTALL | H A D | 12-Apr-2017 | 15.4 KiB | 371 | 289 |
| Makefile.am | H A D | 12-Apr-2017 | 1.2 KiB | 41 | 31 |
| Makefile.in | H A D | 12-Apr-2017 | 29.3 KiB | 900 | 795 |
| NEWS | H A D | 12-Apr-2017 | 22 | 2 | 1 |
| README | H A D | 12-Apr-2017 | 4.4 KiB | 91 | 72 |
| aclocal.m4 | H A D | 12-Apr-2017 | 39 KiB | 1,089 | 992 |
| atov.c | H A D | 12-Apr-2017 | 1.7 KiB | 79 | 64 |
| autogen.sh | H A D | 12-Apr-2017 | 538 | 27 | 13 |
| config.h.in | H A D | 12-Apr-2017 | 6.7 KiB | 264 | 184 |
| configure | H A D | 03-May-2022 | 302.3 KiB | 11,190 | 9,062 |
| configure.ac | H A D | 12-Apr-2017 | 11.5 KiB | 353 | 310 |
| defs.h | H A D | 12-Apr-2017 | 4.1 KiB | 188 | 148 |
| lex.c | H A D | 12-Apr-2017 | 143.1 KiB | 3,806 | 2,875 |
| lex.l | H A D | 12-Apr-2017 | 11.9 KiB | 540 | 424 |
| main.c | H A D | 12-Apr-2017 | 42.7 KiB | 1,603 | 1,221 |
| op.1 | H A D | 12-Apr-2017 | 10.1 KiB | 391 | 387 |
| op.conf | H A D | 12-Apr-2017 | 366 | 19 | 0 |
| op.conf-dist | H A D | 12-Apr-2017 | 2.7 KiB | 98 | 83 |
| op.conf.complex | H A D | 12-Apr-2017 | 2.6 KiB | 84 | 73 |
| op.list.in | H A D | 12-Apr-2017 | 523 | 26 | 20 |
| op.pam | H A D | 12-Apr-2017 | 67 | 4 | 3 |
| op.paper | H A D | 12-Apr-2017 | 14.5 KiB | 359 | 291 |
| regexp.c | H A D | 12-Apr-2017 | 34.9 KiB | 1,404 | 916 |
| regexp.h | H A D | 12-Apr-2017 | 872 | 33 | 18 |
| rplregex.c | H A D | 12-Apr-2017 | 6.2 KiB | 219 | 174 |
| rplregex.h | H A D | 12-Apr-2017 | 2.1 KiB | 61 | 30 |
| snprintf.c | H A D | 12-Apr-2017 | 30.4 KiB | 1,069 | 807 |
| strlcat.c | H A D | 12-Apr-2017 | 2.5 KiB | 77 | 29 |
| strlcpy.c | H A D | 12-Apr-2017 | 1.7 KiB | 59 | 25 |
| util.c | H A D | 12-Apr-2017 | 2.8 KiB | 133 | 99 |
| yywrap.c | H A D | 12-Apr-2017 | 124 | 11 | 10 |
README
1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2
3This document is largely out of date, but left for historical interest.
4
5Alec Thomas, 08/06/2005
6
7XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
8
9Op is a tool for allowing users to run root privileged commands
10without the root password. It is described in detail in "Op: A Flexible
11Tool for Restricted Superuser Access" by Tom Christiansen. From this
12description Dave Koblas produced an impementation of op in C. Tom's
13original paper is included in this distribution in the file
14"op.paper". Differences between that design and the current
15implementation are noted in the file "op.changes".
16
17I first came into contact with op at Octel in 1992. Over the years I
18added a couple of things, and ported it to architectures Octel cared
19about. Those included SunOS 4.1.x, Solaris 2.2 and greater, AIX,
20HP-UX 9.x, BSDI 1.1 and Linux 1.x. I added support for SecurID access
21control from Security Dynamics. This particular code has only been
22tested under SunOS and Solaris. I also enhanced the syslog stuff so it
23would log the command parameters that op executes as well as the
24command name. Support for Solaris shadow passwords was also added.
25
26I left Octel in 1996, and payed little attention to op for over a
27year. Recently, I had a need for op on Linux 2.0. I had to tweak the
28shadow password implementation to get it to work. while I was at it I
29cleaned up some of the logging code. It seems to work quite well on
30Linux. I've tried hard not to break other platforms with my mods, so
31they probably still work too. 8).I will test this code on any platform
32I need to use it on. If you have ported or built this code on other
33platforms, I'd like to hear from you. You can reach me via email at
34hbo@egbok.com. I'll try to help out with bugs time permitting.
35
36
37**** Disclaimer ****
38
39This code has been extensively tested only on the Sun
40architectures. We have noticed no egregious bugs on those platforms,
41but that's no guarantee such bugs don't exist. That goes double for
42the non-Sun architectures where testing has involved building,
43installing and running "op sh" once or twice.
44
45To build op, edit defs.h to point OP_ACCESS at the full pathname of
46your op.access file. You can study the sample file included with the
47distribution to get an idea of its semantics. Next, edit the Makefile
48and remove comments from the lines appropriate to your
49architecture.
50
51If you have shadow passwords, define the USE_SHADOW symbol to build in
52Solaris style shadow support. This also works on Linux 2.0.30. Shadow
53passwords on other architectures have not been tested and are not
54supported. If you successfully port op to another platform's shadow
55password implementation, send me the diffs, and I'll try to roll them
56into the main distribution.
57
58 If you have the Security Dynamics ACE server software,
59uncomment the lines pertaining to SECURID. Define SECURIDLIBDIR and
60SECURIDINC to point at where the sdiclient library, and the ACE
61header files live respectively. The keyword "securid" in op.access
62will enable the client code. Each host that runs op in this mode must
63be configured as a client in the ACE server's database.
64
65After that, a simple make in the source directory should build op. To
66test op, the executable must be setuid root, and the op.access file
67must reside at the place OP_ACCESS points to.
68
69I'm grateful to Tom Christiansen and Dave Koblas for the original
70design and implementation of op. I'm also grateful to all those folks
71who, like Tom and Dave, have made my life easier by giving away
72marvelous, useful source code. I'm happy to give a little bit back, at
73long last.
74
75/* +-------------------------------------------------------------------+ */
76/* | Copyright 1991, David Koblas. | */
77/* | Permission to use, copy, modify, and distribute this software | */
78/* | and its documentation for any purpose and without fee is hereby | */
79/* | granted, provided that the above copyright notice appear in all | */
80/* | copies and that both that copyright notice and this permission | */
81/* | notice appear in supporting documentation. This software is | */
82/* | provided "as is" without express or implied warranty. | */
83/* +-------------------------------------------------------------------+ */
84
85 Ditto for my contributions which are Copyright (C) 1995, 1997 by
86 Howard Owen. (hbo@egbok.com)
87
88 And again for contributions by me, Alec Thomas (alec@swapoff.org),
89 Copyright (C) 2002-2005.
90
91