coast/rdo
1
0
Fork 0
forked from soccera/rdo
Code Pull requests Activity

Compare commits

merge into: coast:main
Branches Tags
coast:master
coast:main
soccera:master
...
pull from: soccera:master
Branches Tags
soccera:master
coast:master
coast:main
Sign in to create a new pull request.

5 commits
main ... master

Author SHA1 Message Date
lily
0b38e485b2 fix readme 2025-08-13 11:23:36 +10:00
lily
d96d862383 fix readme 2025-08-13 11:22:01 +10:00
lily
71896dabaa add manpage and fix makefile 2025-08-13 11:13:10 +10:00
soccera
2180cc7119 Merge pull request 'changed compiler to cc, shortened rdo.c' (#1) from coast/rdo:main into master 
Reviewed-on: soccera/rdo#1
 2025-08-12 22:37:28 +00:00
lily
20a97c65ad add ebuild 2025-08-13 08:34:13 +10:00
5 changed files with 137 additions and 47 deletions
Show stats Expand all files Collapse all files

42
Makefile
View file

@ -1,11 +1,17 @@
CFLAGS = -Wall -Wextra -Werror -Wl,-z,now CFLAGS = -flto -Wall -Wextra -Werror -Wl,-z,now
CFLAGS_RELEASE = ${CFLAGS} -O2 -s -D_FORTIFY_SOURCE=2 CFLAGS_RELEASE = ${CFLAGS} -O3 -s -D_FORTIFY_SOURCE=2
CFLAGS_DEBUG = ${CFLAGS} -O0 -g -fsanitize=undefined CFLAGS_DEBUG = ${CFLAGS} -O0 -g -fsanitize=undefined
CFLAGS_STATIC = ${CFLAGS_RELEASE} -static-pie CFLAGS_STATIC = ${CFLAGS_RELEASE} -static-pie
LIBS = -lcrypt LIBS = -lcrypt
CC = cc CC = cc
all: rdo.c PREFIX ?= /usr/local
BINDIR = ${PREFIX}/bin
MANDIR = ${PREFIX}/share/man
all: rdo
rdo: rdo.c
${CC} ${CFLAGS_RELEASE} rdo.c -o rdo ${LIBS} ${CC} ${CFLAGS_RELEASE} rdo.c -o rdo ${LIBS}
static: rdo.c static: rdo.c
@ -14,17 +20,29 @@ static: rdo.c
debug: rdo.c debug: rdo.c
${CC} ${CFLAGS_DEBUG} rdo.c -o rdo ${LIBS} ${CC} ${CFLAGS_DEBUG} rdo.c -o rdo ${LIBS}
install: rdo install: all
cp rdo ${DESTDIR}/usr/local/bin/rdo mkdir -p ${DESTDIR}${BINDIR}
chown 0:0 ${DESTDIR}/usr/local/bin/rdo cp rdo ${DESTDIR}${BINDIR}/rdo
chmod 755 ${DESTDIR}/usr/local/bin/rdo chmod 4755 ${DESTDIR}${BINDIR}/rdo
chmod u+s ${DESTDIR}/usr/local/bin/rdo mkdir -p ${DESTDIR}${MANDIR}/man1
cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf cp rdo.1 ${DESTDIR}${MANDIR}/man1/rdo.1
chmod 600 ${DESTDIR}/etc/rdo.conf chmod 644 ${DESTDIR}${MANDIR}/man1/rdo.1
mkdir -p ${DESTDIR}${MANDIR}/man5
cp rdo.conf.5 ${DESTDIR}${MANDIR}/man5/rdo.conf.5
chmod 644 ${DESTDIR}${MANDIR}/man5/rdo.conf.5
mkdir -p ${DESTDIR}/etc
@if [ -f ${DESTDIR}/etc/rdo.conf ]; then \
echo "Skipping existing configuration file: ${DESTDIR}/etc/rdo.conf"; \
else \
cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf; \
chmod 644 ${DESTDIR}/etc/rdo.conf; \
fi
uninstall: uninstall:
rm /usr/local/bin/rdo rm -f ${DESTDIR}${BINDIR}/rdo
rm /etc/rdo.conf rm -f ${DESTDIR}${MANDIR}/man1/rdo.1
rm -f ${DESTDIR}${MANDIR}/man5/rdo.conf.5
clean: clean:
rm rdo rm rdo

45
README.md
View file

@ -1,18 +1,16 @@
# RootDO [![AUR](https://img.shields.io/aur/version/rdo.svg)](https://aur.archlinux.org/packages/rdo/) # RootDO
This project aims to be a very slim alternative to both sudo and doas. This project aims to be a very slim alternative to both sudo and doas.
### Installation ### Installation
If you are on Arch Linux, you can download the package via the [AUR](https://aur.archlinux.org/packages/rdo/).
You can clone and build rdo with the following set of commands: You can clone and build rdo with the following set of commands:
```sh ```sh
git clone https://codeberg.org/sw1tchbl4d3/rdo git clone https://mrrp.sx7n8.tech/soccera/rdo.git
cd rdo cd rdo
make make
sudo make install rdo make install
``` ```
After that, you'll have to configure rdo to allow you to use it. After that, you'll have to configure rdo to allow you to use it.
@ -22,7 +20,7 @@ Then you're good to go!
To uninstall: To uninstall:
```sh ```sh
sudo make uninstall rdo make uninstall
``` ```
### Usage ### Usage
@ -37,6 +35,8 @@ Or, to get the password from stdin:
rdo - [command] rdo - [command]
``` ```
`rdo` will ask for your password and grant you a session, on successful authentication you will be able to use `rdo` for the time specified in `session_ttl`. You have 3 attempts to enter the correct password.
The configuration file has the following variables: The configuration file has the following variables:
``` ```
group=wheel group=wheel
@ -45,34 +45,9 @@ session_ttl=5
``` ```
- `group`: The group of users that is allowed to execute rdo. - `group`: The group of users that is allowed to execute rdo.
- `wrong_pw_sleep`: The amount of milliseconds to sleep at a wrong password attempt. Must be a positive integer. Set to 0 to disable. - `wrong_pw_sleep`: The amount of milliseconds to sleep at a wrong password attempt. Must be a positive integer. Set to 0 to disable. Defaults to 1000.
- `session_ttl`: The amount of minutes a session lasts. Must be a positive integer. Set to 0 to disable. - `session_ttl`: The amount of minutes a session lasts. Must be a positive integer. Set to 0 to disable. Defaults to 5.
### Benchmarks
The benchmark: Execute `whoami` (GNU coreutils 9.1) 10000 times.
Yes, this is a silly benchmark. Yes, the performance gain in real world application is close to nothing.
But it's fun!
|Program|Time|
--- | ---
sudo 1.19.11 | 46.85s
doas 6.8.2 | 32.57s
rdo 1.4.2 | 13.37s
Baseline | 7.95s
> Baseline here is how long it took without any wrapper to make it root. ### License
These benchmarks were done on a `Intel i5 7200U` processor, on a Debian 12 Docker container. This project is licensed under the GNU General Public License v3.0. See the `LICENSE` file for the full license text.
`sudo` and `doas` were pulled from the Debian repos, `rdo` was compiled locally.
All configs were kept as default, except allow the `wheel` group on both + enable `persist` on doas.
The benchmark can be executed through a Docker container by running:
```
make bench-build bench-run
```

1
metadata/layout.conf Normal file
View file

@ -0,0 +1 @@
masters = gentoo

67
rdo.1 Normal file
View file

@ -0,0 +1,67 @@
.TH RDO 1 "August 2025" "rdo 1.4.3" "User Commands"
.SH NAME
rdo \- execute commands as the superuser
.SH SYNOPSIS
.B rdo
[\fB-\fP]
\fIcommand\fP [\fIargs ...\fP]
.SH DESCRIPTION
The
.B rdo
utility allows a user to run a command as the superuser.
.B rdo
authenticates the user by asking for their password.
Once authenticated,
.B rdo
can optionally cache the successful authentication for a configurable duration.
.PP
The security policy is configured in the
.I /etc/rdo.conf
file. This file determines which users are permitted to use
.BR rdo .
.SH OPTIONS
.TP
.B \-
Read the password from standard input instead of the terminal.
.SH EXIT STATUS
The
.B rdo
utility exits with one of the following values:
.TP
\fB0\fP
The usage message was printed and
.B rdo
exited.
.TP
\fB1\fP
An error occurred.
.PP
Otherwise, the exit status is that of the command executed.
.SH FILES
.TP
.I /etc/rdo.conf
The
.B rdo
configuration file.
.SH EXAMPLES
Run the
.I id
command as the superuser:
.IP
.EX
$ rdo id -u
.EE
.PP
Run a shell as the superuser:
.IP
.EX
$ rdo /bin/sh
.EE
.SH SEE ALSO
.BR doas (1),
.BR sudo (8),
.BR rdo.conf (5)
.SH AUTHOR
The
.B rdo
project was created by sw1tchbl4d3 and was heavily modified by coast and soccera.

29
rdo.conf.5 Normal file
View file

@ -0,0 +1,29 @@
.TH RDO.CONF 5 "August 2025" "rdo 1.4.3" "File Formats"
.SH NAME
rdo.conf \- configuration file for rdo
.SH DESCRIPTION
The
.B rdo
utility reads the
.I /etc/rdo.conf
file for its configuration.
.PP
The file consists of
.I variable=value
pairs. Comments are not supported. Leading and trailing whitespace is ignored.
.SH VARIABLES
.TP
.B group=\fIgroup\fP
Specifies the group whose members are allowed to run
.BR rdo .
This is a mandatory variable.
.TP
.B wrong_pw_sleep=\fImilliseconds\fP
The amount of time in milliseconds to wait after a wrong password attempt before prompting again. If not set, the default is 1000. Set to 0 to disable.
.TP
.B session_ttl=\fIminutes\fP
The time to live in minutes for a cached authentication. If a user successfully authenticates, they can run
.B rdo
without a password for this duration. If not set, the default is 5. Set to 0 to disable session caching.
.SH SEE ALSO
.BR rdo (1)