crab/readme.md

# **Crab**
`Crab`, a.k.a `Cool Rust Authentication Binary` is a rusty replacement for sudo or doas on Linux systems.

# Installation
### From Source
To be able to build the package, you need cargo wich you can get either though rust or rust up.

To build, run the following commands below in the root directory of the repo. Make sure to run the shell script as root.
```bash
cargo build --release
chmod +x /deployments/source/install.sh
./deployments/source/install.sh
```

To uninstall, just run the following script as root.
```bash
chmod +x ./deployments/source/uninstall.sh
./deployments/source/uninstall.sh
```

### Arch Based Systems
If you are on an arch based distro, crab is avaliable on the [AUR](https://aur.archlinux.org/packages/crab) as `crab`.
```
paru -S crab
```

# Configuration

The default configuration file is stored in `/usr/share/crab/crab.conf` and must be coppied to `/etc/crab.conf`. 
```bash
cp /usr/share/crab/crab.conf /etc/crab.conf
chown root:root /etc/crab.conf
chmod 600 /etc/crab.conf
```

Each line in the configuration specifies a different rule. Each rule is applied from top to bottom, 
so the first onethat matches a user is what is used. The first word is either `permit` or `deny` to 
allow or deny a certain group. Then the tags `persist` and `nopass` can be added to allow authoriziation
persistance or skipping respectively. Then a user can be specified by putting their name, or a group by a
colon then the groups name. Finally, if you dont want to run that user as root, you can add `as` and then 
a user name to run the process as. All lines starting in a # will be ignored.

For Example
```
permit persist john
deny nvidia
permit :docker
permit persist nopass :wheel
```
Please make sure when editing your config that not normal users can edit the file, but only root. If normal users can edit the config, they can add themselvs as permitted and get elevated privilages.