add manpage and fix makefile

Makefile

@@ -5,7 +5,13 @@ CFLAGS_STATIC = ${CFLAGS_RELEASE} -static-pie
 LIBS = -lcrypt
 CC = cc
 
-all: rdo.c
+PREFIX ?= /usr/local
+BINDIR = ${PREFIX}/bin
+MANDIR = ${PREFIX}/share/man
+
+all: rdo
+
+rdo: rdo.c
 	${CC} ${CFLAGS_RELEASE} rdo.c -o rdo ${LIBS}
 
 static: rdo.c
@@ -14,17 +20,29 @@ static: rdo.c
 debug: rdo.c
 	${CC} ${CFLAGS_DEBUG} rdo.c -o rdo ${LIBS}
 
-install: rdo
+install: all
-	cp rdo ${DESTDIR}/usr/local/bin/rdo
+	mkdir -p ${DESTDIR}${BINDIR}
-	chown 0:0 ${DESTDIR}/usr/local/bin/rdo
+	cp rdo ${DESTDIR}${BINDIR}/rdo
-	chmod 755 ${DESTDIR}/usr/local/bin/rdo
+	chmod 4755 ${DESTDIR}${BINDIR}/rdo
-	chmod u+s ${DESTDIR}/usr/local/bin/rdo
+	mkdir -p ${DESTDIR}${MANDIR}/man1
-	cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf
+	cp rdo.1 ${DESTDIR}${MANDIR}/man1/rdo.1
-	chmod 600 ${DESTDIR}/etc/rdo.conf
+	chmod 644 ${DESTDIR}${MANDIR}/man1/rdo.1
+	mkdir -p ${DESTDIR}${MANDIR}/man5
+	cp rdo.conf.5 ${DESTDIR}${MANDIR}/man5/rdo.conf.5
+	chmod 644 ${DESTDIR}${MANDIR}/man5/rdo.conf.5
+	mkdir -p ${DESTDIR}/etc
+	@if [ -f ${DESTDIR}/etc/rdo.conf ]; then \
+		echo "Skipping existing configuration file: ${DESTDIR}/etc/rdo.conf"; \
+	else \
+		cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf; \
+		chmod 644 ${DESTDIR}/etc/rdo.conf; \
+	fi
+
 
 uninstall:
-	rm /usr/local/bin/rdo
+	rm -f ${DESTDIR}${BINDIR}/rdo
-	rm /etc/rdo.conf
+	rm -f ${DESTDIR}${MANDIR}/man1/rdo.1
+	rm -f ${DESTDIR}${MANDIR}/man5/rdo.conf.5
 
 clean:
 	rm rdo

rdo.1

@@ -0,0 +1,67 @@
+.TH RDO 1 "August 2025" "rdo 1.4.3" "User Commands"
+.SH NAME
+rdo \- execute commands as the superuser
+.SH SYNOPSIS
+.B rdo
+[\fB-\fP]
+\fIcommand\fP [\fIargs ...\fP]
+.SH DESCRIPTION
+The
+.B rdo
+utility allows a user to run a command as the superuser.
+.B rdo
+authenticates the user by asking for their password.
+Once authenticated,
+.B rdo
+can optionally cache the successful authentication for a configurable duration.
+.PP
+The security policy is configured in the
+.I /etc/rdo.conf
+file. This file determines which users are permitted to use
+.BR rdo .
+.SH OPTIONS
+.TP
+.B \-
+Read the password from standard input instead of the terminal.
+.SH EXIT STATUS
+The
+.B rdo
+utility exits with one of the following values:
+.TP
+\fB0\fP
+The usage message was printed and
+.B rdo
+exited.
+.TP
+\fB1\fP
+An error occurred.
+.PP
+Otherwise, the exit status is that of the command executed.
+.SH FILES
+.TP
+.I /etc/rdo.conf
+The
+.B rdo
+configuration file.
+.SH EXAMPLES
+Run the
+.I id
+command as the superuser:
+.IP
+.EX
+$ rdo id -u
+.EE
+.PP
+Run a shell as the superuser:
+.IP
+.EX
+$ rdo /bin/sh
+.EE
+.SH SEE ALSO
+.BR doas (1),
+.BR sudo (8),
+.BR rdo.conf (5)
+.SH AUTHOR
+The
+.B rdo
+project was created by sw1tchbl4d3 and was heavily modified by coast and soccera.

rdo.conf.5

@@ -0,0 +1,29 @@
+.TH RDO.CONF 5 "August 2025" "rdo 1.4.3" "File Formats"
+.SH NAME
+rdo.conf \- configuration file for rdo
+.SH DESCRIPTION
+The
+.B rdo
+utility reads the
+.I /etc/rdo.conf
+file for its configuration.
+.PP
+The file consists of
+.I variable=value
+pairs. Comments are not supported. Leading and trailing whitespace is ignored.
+.SH VARIABLES
+.TP
+.B group=\fIgroup\fP
+Specifies the group whose members are allowed to run
+.BR rdo .
+This is a mandatory variable.
+.TP
+.B wrong_pw_sleep=\fImilliseconds\fP
+The amount of time in milliseconds to wait after a wrong password attempt before prompting again. If not set, the default is 1000. Set to 0 to disable.
+.TP
+.B session_ttl=\fIminutes\fP
+The time to live in minutes for a cached authentication. If a user successfully authenticates, they can run
+.B rdo
+without a password for this duration. If not set, the default is 5. Set to 0 to disable session caching.
+.SH SEE ALSO
+.BR rdo (1)