Crab

Crab, a.k.a Cool Rust Authentication Binary is a rusty replacement for sudo or doas on Linux systems.

Installation

From Source

To be able to build the package, you need cargo wich you can get either though rust or rust up.

To build, run the following commands below in the root directory of the repo. Make sure to run the shell script as root.

cargo build --release
chmod +x /deployments/source/install.sh
./deployments/source/install.sh

To uninstall, just run the following script as root.

chmod +x ./deployments/source/uninstall.sh
./deployments/source/uninstall.sh

Arch Based Systems

If you are on an arch based distro, crab is avaliable on the AUR as crab.

paru -S crab

Configuration

The default configuration file is stored in /usr/share/crab/crab.conf and must be coppied to /etc/crab.conf.

cp /usr/share/crab/crab.conf /etc/crab.conf
chown root:root /etc/crab.conf
chmod 600 /etc/crab.conf

Each line in the configuration specifies a different rule. Each rule is applied from top to bottom, so the first onethat matches a user is what is used. The first word is either permit or deny to allow or deny a certain group. Then the tags persist and nopass can be added to allow authoriziation persistance or skipping respectively. Then a user can be specified by putting their name, or a group by a colon then the groups name. Finally, if you dont want to run that user as root, you can add as and then a user name to run the process as. All lines starting in a # will be ignored.

For Example

permit persist john
deny nvidia
permit :docker
permit persist nopass :wheel

Please make sure when editing your config that not normal users can edit the file, but only root. If normal users can edit the config, they can add themselvs as permitted and get elevated privilages.