soccera/rdo
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: soccera:master
Branches Tags
soccera:master
coast:main
coast:master
..
compare: coast:main
Branches Tags
coast:main
coast:master
soccera:master

No commits in common. "master" and "main" have entirely different histories.
master ... main

5 changed files with 47 additions and 137 deletions
Show stats Expand all files Collapse all files

42
Makefile
View file

@ -1,17 +1,11 @@
CFLAGS = -flto -Wall -Wextra -Werror -Wl,-z,now CFLAGS = -Wall -Wextra -Werror -Wl,-z,now
CFLAGS_RELEASE = ${CFLAGS} -O3 -s -D_FORTIFY_SOURCE=2 CFLAGS_RELEASE = ${CFLAGS} -O2 -s -D_FORTIFY_SOURCE=2
CFLAGS_DEBUG = ${CFLAGS} -O0 -g -fsanitize=undefined CFLAGS_DEBUG = ${CFLAGS} -O0 -g -fsanitize=undefined
CFLAGS_STATIC = ${CFLAGS_RELEASE} -static-pie CFLAGS_STATIC = ${CFLAGS_RELEASE} -static-pie
LIBS = -lcrypt LIBS = -lcrypt
CC = cc CC = cc
PREFIX ?= /usr/local all: rdo.c
BINDIR = ${PREFIX}/bin
MANDIR = ${PREFIX}/share/man
all: rdo
rdo: rdo.c
${CC} ${CFLAGS_RELEASE} rdo.c -o rdo ${LIBS} ${CC} ${CFLAGS_RELEASE} rdo.c -o rdo ${LIBS}
static: rdo.c static: rdo.c
@ -20,29 +14,17 @@ static: rdo.c
debug: rdo.c debug: rdo.c
${CC} ${CFLAGS_DEBUG} rdo.c -o rdo ${LIBS} ${CC} ${CFLAGS_DEBUG} rdo.c -o rdo ${LIBS}
install: all install: rdo
mkdir -p ${DESTDIR}${BINDIR} cp rdo ${DESTDIR}/usr/local/bin/rdo
cp rdo ${DESTDIR}${BINDIR}/rdo chown 0:0 ${DESTDIR}/usr/local/bin/rdo
chmod 4755 ${DESTDIR}${BINDIR}/rdo chmod 755 ${DESTDIR}/usr/local/bin/rdo
mkdir -p ${DESTDIR}${MANDIR}/man1 chmod u+s ${DESTDIR}/usr/local/bin/rdo
cp rdo.1 ${DESTDIR}${MANDIR}/man1/rdo.1 cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf
chmod 644 ${DESTDIR}${MANDIR}/man1/rdo.1 chmod 600 ${DESTDIR}/etc/rdo.conf
mkdir -p ${DESTDIR}${MANDIR}/man5
cp rdo.conf.5 ${DESTDIR}${MANDIR}/man5/rdo.conf.5
chmod 644 ${DESTDIR}${MANDIR}/man5/rdo.conf.5
mkdir -p ${DESTDIR}/etc
@if [ -f ${DESTDIR}/etc/rdo.conf ]; then \
echo "Skipping existing configuration file: ${DESTDIR}/etc/rdo.conf"; \
else \
cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf; \
chmod 644 ${DESTDIR}/etc/rdo.conf; \
fi
uninstall: uninstall:
rm -f ${DESTDIR}${BINDIR}/rdo rm /usr/local/bin/rdo
rm -f ${DESTDIR}${MANDIR}/man1/rdo.1 rm /etc/rdo.conf
rm -f ${DESTDIR}${MANDIR}/man5/rdo.conf.5
clean: clean:
rm rdo rm rdo

45
README.md
View file

@ -1,16 +1,18 @@
# RootDO # RootDO [![AUR](https://img.shields.io/aur/version/rdo.svg)](https://aur.archlinux.org/packages/rdo/)
This project aims to be a very slim alternative to both sudo and doas. This project aims to be a very slim alternative to both sudo and doas.
### Installation ### Installation
If you are on Arch Linux, you can download the package via the [AUR](https://aur.archlinux.org/packages/rdo/).
You can clone and build rdo with the following set of commands: You can clone and build rdo with the following set of commands:
```sh ```sh
git clone https://mrrp.sx7n8.tech/soccera/rdo.git git clone https://codeberg.org/sw1tchbl4d3/rdo
cd rdo cd rdo
make make
rdo make install sudo make install
``` ```
After that, you'll have to configure rdo to allow you to use it. After that, you'll have to configure rdo to allow you to use it.
@ -20,7 +22,7 @@ Then you're good to go!
To uninstall: To uninstall:
```sh ```sh
rdo make uninstall sudo make uninstall
``` ```
### Usage ### Usage
@ -35,8 +37,6 @@ Or, to get the password from stdin:
rdo - [command] rdo - [command]
``` ```
`rdo` will ask for your password and grant you a session, on successful authentication you will be able to use `rdo` for the time specified in `session_ttl`. You have 3 attempts to enter the correct password.
The configuration file has the following variables: The configuration file has the following variables:
``` ```
group=wheel group=wheel
@ -45,9 +45,34 @@ session_ttl=5
``` ```
- `group`: The group of users that is allowed to execute rdo. - `group`: The group of users that is allowed to execute rdo.
- `wrong_pw_sleep`: The amount of milliseconds to sleep at a wrong password attempt. Must be a positive integer. Set to 0 to disable. Defaults to 1000. - `wrong_pw_sleep`: The amount of milliseconds to sleep at a wrong password attempt. Must be a positive integer. Set to 0 to disable.
- `session_ttl`: The amount of minutes a session lasts. Must be a positive integer. Set to 0 to disable. Defaults to 5. - `session_ttl`: The amount of minutes a session lasts. Must be a positive integer. Set to 0 to disable.
### Benchmarks
The benchmark: Execute `whoami` (GNU coreutils 9.1) 10000 times.
Yes, this is a silly benchmark. Yes, the performance gain in real world application is close to nothing.
But it's fun!
|Program|Time|
--- | ---
sudo 1.19.11 | 46.85s
doas 6.8.2 | 32.57s
rdo 1.4.2 | 13.37s
Baseline | 7.95s
### License > Baseline here is how long it took without any wrapper to make it root.
This project is licensed under the GNU General Public License v3.0. See the `LICENSE` file for the full license text. These benchmarks were done on a `Intel i5 7200U` processor, on a Debian 12 Docker container.
`sudo` and `doas` were pulled from the Debian repos, `rdo` was compiled locally.
All configs were kept as default, except allow the `wheel` group on both + enable `persist` on doas.
The benchmark can be executed through a Docker container by running:
```
make bench-build bench-run
```

1
metadata/layout.conf
View file

@ -1 +0,0 @@
masters = gentoo

67
rdo.1
View file

@ -1,67 +0,0 @@
.TH RDO 1 "August 2025" "rdo 1.4.3" "User Commands"
.SH NAME
rdo \- execute commands as the superuser
.SH SYNOPSIS
.B rdo
[\fB-\fP]
\fIcommand\fP [\fIargs ...\fP]
.SH DESCRIPTION
The
.B rdo
utility allows a user to run a command as the superuser.
.B rdo
authenticates the user by asking for their password.
Once authenticated,
.B rdo
can optionally cache the successful authentication for a configurable duration.
.PP
The security policy is configured in the
.I /etc/rdo.conf
file. This file determines which users are permitted to use
.BR rdo .
.SH OPTIONS
.TP
.B \-
Read the password from standard input instead of the terminal.
.SH EXIT STATUS
The
.B rdo
utility exits with one of the following values:
.TP
\fB0\fP
The usage message was printed and
.B rdo
exited.
.TP
\fB1\fP
An error occurred.
.PP
Otherwise, the exit status is that of the command executed.
.SH FILES
.TP
.I /etc/rdo.conf
The
.B rdo
configuration file.
.SH EXAMPLES
Run the
.I id
command as the superuser:
.IP
.EX
$ rdo id -u
.EE
.PP
Run a shell as the superuser:
.IP
.EX
$ rdo /bin/sh
.EE
.SH SEE ALSO
.BR doas (1),
.BR sudo (8),
.BR rdo.conf (5)
.SH AUTHOR
The
.B rdo
project was created by sw1tchbl4d3 and was heavily modified by coast and soccera.

29
rdo.conf.5
View file

@ -1,29 +0,0 @@
.TH RDO.CONF 5 "August 2025" "rdo 1.4.3" "File Formats"
.SH NAME
rdo.conf \- configuration file for rdo
.SH DESCRIPTION
The
.B rdo
utility reads the
.I /etc/rdo.conf
file for its configuration.
.PP
The file consists of
.I variable=value
pairs. Comments are not supported. Leading and trailing whitespace is ignored.
.SH VARIABLES
.TP
.B group=\fIgroup\fP
Specifies the group whose members are allowed to run
.BR rdo .
This is a mandatory variable.
.TP
.B wrong_pw_sleep=\fImilliseconds\fP
The amount of time in milliseconds to wait after a wrong password attempt before prompting again. If not set, the default is 1000. Set to 0 to disable.
.TP
.B session_ttl=\fIminutes\fP
The time to live in minutes for a cached authentication. If a user successfully authenticates, they can run
.B rdo
without a password for this duration. If not set, the default is 5. Set to 0 to disable session caching.
.SH SEE ALSO
.BR rdo (1)