please - Man Page

a tool for access elevation.

Synopsis

please /bin/bash

pleaseedit /etc/fstab

pleaseedit [-r/--reason "new fs"] /etc/fstab

pleaseedit [-g/--group groupname] filename

pleaseedit [-t/--target username] filename

pleaseedit [--resume] filename

please [-a/--allowenv list]

please [-c/--check] /etc/please.ini

please [-d/--dir directory] command

please [-e/--env environment] command

please [-g/--group groupname] command

please [-h/--help]

please [-t/--target username] backup tar -cvf - /home/data | ...

please [-u/--user username] backup tar -cvf - /home/data | ...

please [-l/--list]

please [-l/--list] [-t/--target username]

please [-l/--list] [-u/--user username]

please [-n/--noprompt] command

please [-r/--reason "sshd reconfigured, ticket 24365"] /etc/init.d/ssh restart

please [-p/--purge]

please [-w/--warm]

Description

please and pleaseedit are sudo alternatives that have regex support and a simple approach to ACL.

The aim is to allow admins to delegate accurate principle of least privilege access with ease. please.ini allows for very specific and flexible regex defined permissions.

pleaseedit adds a layer of safety to editing files. The file is copied to /tmp, where it can be updated. When EDITOR exits cleanly the file is copied alongside the target, the file will then be renamed over the original, but if a exitcmd is configured it must exit cleanly first. resume will continue editing when exitcmd fails.

-a/--allowenv list

allow environments separated by , to be passed through

-c/--check file

will check the syntax of a please.ini config file. Exits non-zero on error

-d/--dir

will change directory to dir prior to executing the command

-g/--group groupname

run or edit as groupname

-h/--help

print help and exit

-l/--list

to list rules

-n/--noprompt

will not prompt for authentication and exits with a status of 1

-p/--purge

will purge your current authentication token for the running user

-r/--reason [reason]

will add reason to the system log

-t/--target [username]

to execute command, or edit as target username

-u/--user [username]

to execute command, or edit as target username

-v/--version

print version and exit

-w/--warm

will warm an authentication token and exit

Example Usage

please -t httpd /bin/bash

run a shell as the httpd user

please -l

to list what you may run

please -t "username" -l

to show what username may run. username must match the target regex in a type=list rule

please -r 'reloading apache2, change #123' systemctl reload apache2

to reload apache2 with a reason

pleaseedit -r 'adding new storage, ticket #24365' /etc/fstab

to use pleaseedit to modify fstab

Please see please.ini for configuration examples.

Files

/etc/please.ini

Contributions

I welcome pull requests with open arms. New features always considered.

Bugs

Found a bug? Please either open a ticket or send a pull request/patch.

See Also

please.ini(5)

Authors

Ed Neville (ed-please@s5h.net).

Referenced By

please.ini(5).

06 September 2024 please 0.5.6 User Manual