Name: op
Summary: Allows restricted root access for specified users
Version: 1.32
Release: 4
License: BSD
Group: Applications/System
URL: http://swapoff.org/op/
Description: op provides a flexible means for system administrators to grant access
to certain root operations without having to give them full superuser
privileges. Different sets of users may access different operations,
and the security-related aspects of each operation can be carefully
controlled.
The build was not successful.
The build was not successful.
The spec file used by the build system currently has the following contents:
# $Id$ # Authority: dag # Upstream: Alec Thomas <alec$swapoff,org> %define _xauth /usr/bin/xauth %{?el4:%define _without_modxorg 1} %{?el3:%define _without_modxorg 1} %{?_without_modxorg:%define _xauth /usr/X11R6/bin/xauth} Summary: Allows restricted root access for specified users Name: op Version: 1.32 Release: 4%{?dist} License: BSD Group: Applications/System URL: http://swapoff.org/op/ Source: http://swapoff.org/files/op/op-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: flex BuildRequires: pam-devel #%{!?_without_modxorg:BuildRequires: xorg-x11-xauth} #%{?_without_modxorg:BuildRequires: XFree86-xauth} Requires: %{_xauth} %description op provides a flexible means for system administrators to grant access to certain root operations without having to give them full superuser privileges. Different sets of users may access different operations, and the security-related aspects of each operation can be carefully controlled. %prep %setup %{__cat} <<'EOF' >op.conf ### This is the config file for the op tool. ### For more information about the syntax see manual page op(1) ### Define some users #OPERATORS=(dag|ramses) ### Define hosts that Fred is restricted to #DAG_HOSTS=(horsea|jynx) ### Define hosts that Barry is restricted to #RAMSES_HOSTS=(pikachu|jynx) ### Define user/host access list #ACCESS_LIST=dag@DAG_HOSTS|ramses@RAMSES_HOSTS ### 'op su' - gives user a root shell. ### Restrict a list of local users. #su # /bin/su -; # users=dag,ramses,wim # environment # password ### 'op reboot' - reboot system ### Shows how to use a simple access list #reboot # /sbin/reboot; # users=ACCESS_LIST # password ### 'op shutdown <time>' - shutdown at a certain time. ### Restricts argument to valid values only. #shutdown # /sbin/shutdown -h $1; # users=ACCESS_LIST # $1=(now|[0-1]?[0-9]:[0-9][0-9]|2[0-3]:[0-5][0-9]|+[0-9]+) ### 'op service <service> start|stop|restart|status' - Manipulate services. #service # /sbin/service $1 $2; # users=ACCESS_LIST # environment # $2=start|stop|restart|status ### 'op inetd on|off' - switch inetd on and off. ### Shows complex shell example and 'string' arguments. #inetd # /bin/sh -c ' # case $1 in # (on) /usr/sbin/inetd -s ;; # (off) /usr/bin/pkill inetd ;; # esac # '; # users=ACCESS_LIST # $1=on|off EOF %{__cat} <<EOF >su.conf ### 'op su' - gives user a root shell. ### Restrict a list of local users. #su # /bin/su -; # users=dag,ramses,wim # environment # password # xauth EOF %{__cat} <<EOF >op.pam #%PAM-1.0 auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth EOF %build %configure --enable-xauth="%{_xauth}" %{__make} %{?_smp_mflags} %install %{__rm} -rf %{buildroot} %{__make} install DESTDIR="%{buildroot}" %{__install} -Dp -m0600 op.conf %{buildroot}%{_sysconfdir}/op.conf %{__install} -Dp -m0644 op.pam %{buildroot}%{_sysconfdir}/pam.d/op %{__install} -d -m0700 %{buildroot}%{_sysconfdir}/op.d/ %{__install} -Dp -m0600 su.conf %{buildroot}%{_sysconfdir}/op.d/su.conf %clean %{__rm} -rf %{buildroot} %files %defattr(-, root, root, 0755) %doc ChangeLog COPYING op.conf* op.paper README %doc %{_mandir}/man1/op.1* %config(noreplace) %{_sysconfdir}/op.conf %config(noreplace) %{_sysconfdir}/op.d/ %config(noreplace) %{_sysconfdir}/pam.d/op %{_bindir}/op %changelog * Sun Jul 25 2010 Dag Wieers <dag@wieers.com> - 1.32-4 - Compiled with xauth support. * Mon Nov 10 2008 Dag Wieers <dag@wieers.com> - 1.32-3 - Fix some configuration files. * Thu Aug 16 2007 Dag Wieers <dag@wieers.com> - 1.32-2 - Change permissions of /etc/op.d/ to 0700. - Added su.conf example to show how it works. * Thu Dec 08 2005 Dries Verachtert <dries@ulyssis.org> - 1.32-1 - Updated to release 1.32. * Sat Sep 03 2005 Dag Wieers <dag@wieers.com> - 1.31-1 - Updated to release 1.31. * Sat May 28 2005 Dag Wieers <dag@wieers.com> - 1.30-1 - Updated to release 1.30. * Fri Apr 29 2005 Dag Wieers <dag@wieers.com> - 1.29-1 - Updated to release 1.29. * Fri Apr 08 2005 Dag Wieers <dag@wieers.com> - 1.28-1 - Updated to release 1.28. * Thu Jul 22 2004 Dag Wieers <dag@wieers.com> - 1.25-1 - Updated to release 1.25. * Wed May 05 2004 Dag Wieers <dag@wieers.com> - 1.23-1 - Updated to release 1.23. * Mon May 03 2004 Dag Wieers <dag@wieers.com> - 1.22-1 - Updated to release 1.22. * Fri Apr 30 2004 Dag Wieers <dag@wieers.com> - 1.21-2 - Added default pam configuration. - Improved the examples in the default config file. * Fri Apr 23 2004 Dag Wieers <dag@wieers.com> - 1.21-1 - Initial package. (using DAR)