sudo2 0.2.1

Detect if you are running as root, restart self with sudo or any other wrapper if needed or setup uid zero when running with the SUID flag set.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

# sudo2

## Changelogs

Following changes were made to the crate `karen` which is a fork of `sudo` and
`elevate`.

- Adds support for wildcard. It is possible to select all environment variables
  with using `sudo2::with_env_wildcards(&["*"])` (mimics `sudo -E`).
- Adds a few internal functions. `sudo2::running_as_root` return `true` if
  process already running as `root`.
- Adds `rustfmt.toml`

---

> Escalate to your manager and get root access!

This is an extended fork of the `sudo` and `elevate` crates, which is a simple library to restart your process with sudo to escalate privileges.

This fork is a refactor of the original version, with the following changes:

- A builder pattern for the `Elevate` struct
- An ability to use `pkexec` or `polkit` as an alternative to `sudo` by setting the wrapper from the builder

The API is a superset of the original `sudo` crate, so you can use it as a drop-in replacement, but you can also use the new builder pattern to set your own options (currently only wrapper is supported)

The original `sudo` crate can be found on [GitLab](https://gitlab.com/dns2utf8/sudo.rs) ([crates.io](https://crates.io/crates/sudo)).

[![crates.io](https://img.shields.io/crates/v/sudo?logo=rust)](https://crates.io/crates/karen/)
[![docs.rs](https://docs.rs/sudo/badge.svg)](https://docs.rs/karen)

Detect if you are running as root, restart self with `sudo` if needed or setup uid zero when running with the SUID flag set.

## Requirements

- Unix-like operating system
- The intended wrapper (sudo, pkexec, polkit) must be installed and in the PATH. The default is `sudo`.
- Linux or Mac OS X tested
  - It should work on \*BSD. You may want to use `doas` instead of `sudo` on OpenBSD using the new builder pattern.

## Example:

First, add sudo to your `Cargo.toml`:

```yaml
[dependencies]
sudo = "0.6.1"
```

In your `main.rs`:

```rust
fn main() -> Result<(), Box<dyn Error>> {
    sudo2::escalate_if_needed()?;
    println!("Hello, Root-World!");
    Ok( () )
}
```

If you are using logging based on the [log infrastructure](https://crates.io/crates/log) you will get timestamped and formatted output.

## Passing RUST_BACKTRACE

The crate will automatically keep the setting of `RUST_BACKTRACE` intact if it is set to one of the following values:

- `` <- empty string means no pass-through
- `1` or `true` <- standard trace
- `full` <- full trace

```bash
$ RUST_BACKTRACE=full cargo run --example backtrace
2020-07-05 18:10:31,544 TRACE [sudo] Running as User
2020-07-05 18:10:31,544 DEBUG [sudo] Escalating privileges
2020-07-05 18:10:31,544 TRACE [sudo] relaying RUST_BACKTRACE=full
[sudo] Passwort für user:
2020-07-05 18:10:39,238 TRACE [sudo] Running as Root
2020-07-05 18:10:39,238 TRACE [sudo] already running as Root
2020-07-05 18:10:39,238 INFO  [backtrace] entering failing_function
thread 'main' panicked at 'now you see me fail', examples/backtrace.rs:16:5
```

## Keeping part of the environment

You can keep parts of your environment across the sudo barrier.
This enables more configuration options often used in daemons or cloud environments:

```rust
    // keeping all environment variables starting with "EXAMPLE_" or "CARGO"
    sudo2::with_env(&["EXAMPLE_", "CARGO"]).expect("sudo failed");
```

**Warning:** This may introduce security problems to your application if untrusted users are able to set these variables.

```bash
$ EXAMPLE_EXEC='$(ls)' EXAMPLE_BTICKS='`ls`' cargo run --example environment
2020-07-07 16:32:11,261 INFO  [environment] ① uid: 1000; euid: 1000;

...

declare -x EXAMPLE_BTICKS="\`ls\`"
declare -x EXAMPLE_EXEC="\$(ls)"
...

[sudo] password for user:

2020-07-07 16:32:11,285 TRACE [sudo] Running as Root
2020-07-07 16:32:11,285 TRACE [sudo] already running as Root
2020-07-07 16:32:11,285 INFO  [environment] ② uid: 0; euid: 0;

...

declare -x EXAMPLE_BTICKS="\`ls\`"
declare -x EXAMPLE_EXEC="\$(ls)"
```

## Run a program with SUID

```bash
$ cargo run --example suid
2020-04-17 15:13:49,450 INFO  [suid] ① uid: 1000; euid: 1000;
uid=1000(user) gid=1000(user) groups=1000(user),4(adm),27(sudo)
2020-04-17 15:13:49,453 TRACE [sudo] Running as User
2020-04-17 15:13:49,453 DEBUG [sudo] Escalating privileges
[sudo] password for user:
2020-04-17 15:13:53,529 INFO  [suid] ① uid: 0; euid: 0;
uid=0(root) gid=0(root) groups=0(root)
2020-04-17 15:13:53,532 TRACE [sudo] Running as Root
2020-04-17 15:13:53,532 TRACE [sudo] already running as Root
2020-04-17 15:13:53,532 INFO  [suid] ② uid: 0; euid: 0;
uid=0(root) gid=0(root) groups=0(root)

```

Then give the file to `root` and add the suid flag.

```bash
$ sudo chown root target/debug/examples/suid
$ sudo chmod 4755 target/debug/examples/suid
```

Now run the program again:

```bash
$ target/debug/examples/suid
2020-04-17 15:14:37,199 INFO  [suid] ① uid: 1000; euid: 0;
uid=1000(user) gid=1000(user) euid=0(root) groups=1000(user),4(adm),27(sudo)
2020-04-17 15:14:37,202 TRACE [sudo] Running as Suid
2020-04-17 15:14:37,202 TRACE [sudo] setuid(0)
2020-04-17 15:14:37,202 INFO  [suid] ② uid: 0; euid: 0;
uid=0(root) gid=1000(user) groups=1000(user),4(adm),27(sudo)
```