2022-11-09 00:44:31 +00:00
|
|
|
# **Crab**
|
2022-11-09 05:51:47 +00:00
|
|
|
`Crab`, a.k.a `Cool Rust Authentication Binary` is a rusty replacement for sudo or doas on Linux systems.
|
2022-11-09 00:44:31 +00:00
|
|
|
|
|
|
|
|
# Installation
|
2022-11-09 03:07:02 +00:00
|
|
|
### From Source
|
2022-11-09 16:46:26 +00:00
|
|
|
First run `cargo build --release` to compile the binary.
|
2022-11-09 05:51:47 +00:00
|
|
|
Then run `install.sh` as root to install crab.
|
2022-11-09 03:07:02 +00:00
|
|
|
|
2022-11-09 16:46:26 +00:00
|
|
|
Run `uninstall.sh` as root to uninstall crab.
|
|
|
|
|
|
2022-11-09 03:07:02 +00:00
|
|
|
### Arch Based Systems
|
2022-11-09 16:46:26 +00:00
|
|
|
If you are on an arch based distro, crab is avaliable on the [AUR](https://aur.archlinux.org/packages/crab) as `crab`.
|
2022-11-09 00:44:31 +00:00
|
|
|
|
|
|
|
|
# Configuration
|
2022-11-11 14:56:48 +00:00
|
|
|
Each line in the configuration specifies a different rule. Each rule is applied from top to bottom,
|
|
|
|
|
so the first onethat matches a user is what is used. The first word is either `permit` or `deny` to
|
|
|
|
|
allow or deny a certain group. Then the tags `persist` and `nopass` can be added to allow authoriziation
|
|
|
|
|
persistance or skipping respectively. Then a user can be specified by putting their name, or a group by a
|
|
|
|
|
colon then the groups name. Finally, if you dont want to run that user as root, you can add `as` and then
|
|
|
|
|
a user name to run the process as. All lines starting in a # will be ignored.
|
2022-11-09 00:44:31 +00:00
|
|
|
|
|
|
|
|
For Example
|
|
|
|
|
```
|
2022-11-11 14:56:48 +00:00
|
|
|
deny :docker
|
|
|
|
|
permit nopass persist linus as root
|
|
|
|
|
permit :wheel persist
|
|
|
|
|
#deny stallman
|
|
|
|
|
permit nvidia as fu
|
2022-11-09 00:44:31 +00:00
|
|
|
```
|
2022-11-09 16:46:26 +00:00
|
|
|
The default configuration file is stored in `/usr/share/crab/crab.conf` and must be coppied to `/etc/crab.conf`.
|
