This is an automated archive.

The original was posted on /r/linux by /u/LeChatP on 2023-08-30 15:05:14+00:00.

Hello everyone!

My project RootAsRole from C language is now entirely rewritten in Rust.

RootAsRole allows you to configure your privilege access management more securely on a single Linux operating system. Unlike sudo, this project doesn’t want to give the entire privilege set for any insignificant administrative task using Linux Capabilities, so you could find capabilities needed quickly with the “capable” command.

Unlike sudo, this project sets the principle of least privilege on its core features. Like sudo, this project aims for the best usability features. More than sudo, we use commonly used or standardized syntaxes (XML, extended glob, PCRE2). More than sudo, we use an access control model which allows in the future to more precise least privilege needs. More than sudo, we manage a partial order comparison between rules that prevent rule shadowing or unauthorized access due to configuration errors. More than sudo, we provide conflict interest features. And many more features that you could discover here

RootAsRole is based on Research papers RESSI 2023, Computers & Security,3(old) to find theoretical solutions to the best way to manage privilege access management and the most usable form.

By using a role-based access control model, this project allows us to better manage administrative tasks. With this project, you could distribute a subset of privileges and prevent them from escalating directly.

Unlike sudo, we do not provide the vast historical and unused features that mostly nobody knows and forcibly do not pertain to everyone.

Do not hesitate to propose new functionalities as GH issues! Don’t hesitate to ask questions! I’m currently the only one developing this project, mainly concerning my current PhD subject (I’m currently a PhD student).

Thank you for your attention and your time,

Have a nice day !