DOAS - alpha release 1.
Jochen Fritz
jfritz@rdrc.rpi.edu

This is free software.  Please see the file COPYING for more info.

This is an alpha version of doas, a utility to allow any user to
allow any arbitrary set of users to run commands unser his/her user
id.  This would be useful to allow some users to do some things as
root or bin.  It also removes SOME of the security holes inherant in
setuid shell scripts.  

It was written on and for linux systems.  It should port to any system
that has a working BSD-style setreuid system call.  (I chose not to
support the brain-dead SYSV save uid's).  I do not have root on any
other system, so I have been unable to test it there.

I have been using this on my system for a few weeks, but only to give
me root access on demand.  It needs further pounding before a real
release can be made.

Due to its nature, this program must be installed setuid root,
If it has a security hole, or is installed improperlly,
it has the potential to give away root access.  There are some that
will say that the entire philosophy of this package is a security
hole.  

To prevent security holes, the trusted code has been kept as small and
simple as possible.  There are some utility programs, which are not
installed as root, and thus are both replacable by the user.  This
also serves to keep the bloat down on the trusted application.

If after reading the above you are still willing to be an ALPHA
tester, install the code.  To do so, type unpack the archive, then:

$ make
$ su                      
# make install
#exit

The program is now installed.  You will now want to create a .doas
file for someone.  I would suggest the following for root:

shell:XXXXX:/bin/sh
do:XXXXX:/usr/bin/do

Relace the XXXXXX with the account of the system admin.  Put this text
into the file /.doas_root or /.doas (since the root directory is
shared by several accounts, I would suggest /.doas_root).  Now from
that account, to get a root shell type:

$ doas root shell

From any other account, an error message will appear.  Any account on
the system can have a .doas file.

-----------------------------------------------

Bugs.
I want to here about any bugs you may find.  This includes security
holes in the program (NOT THE IDEA :); spelling errors in the
documentation; unclear documentation; missing features; and general
ideas.  