The syntax of the command is:
sushc target_user_group shellscript para1 para2 ... sushc --help sushc --version sushc -directive para1 para2 ...
The first format invokes a shell script, this is explained in the next section.
"sushc --help" prints a help text to the standard output and exits.
"sushc --version" prints the version of the program to the standard output.
"sushc -directive para1 para2 ...", where "directive" is any word, and the parameters can be anything, does nothing. The program quietly exits in this scenario. See later for the handling of the "directives".
sushc target_user_group shellscript para1 para2 ...
|target_user_group||This is usually just the name of the LINUX user to run the scripts as. The full format of this is explained below.|
|shellscript||This is the path name to the shellscript to run as the user. It uses the PATH environment variable to find a suitable occurrence of the script.|
|para1, para2 etc||are optional parameters for the shellscript.|
This, in the vast majority of cases, will just be the user name of the target user to run the script as. However, it can be one of the following:
Where user is the target user to run the script as, and group is the group to run it as. The last two are only valid if the "sushc" executable is not owned by root, and the script is to be run by the owner of the "sushc" executeable.
On invocation "sushc" scans the PATH environment variable looking for an executable regular file. When it finds one it performs a number of tests to see if it a suitable "sushc" target as described below. If it is it executes it using "/bin/sh", otherwise it returns with an error. It will not continue searching through the PATH directories at that point.
It is worth noting that this is not necessarily the one that the shell finds in the PATH, though normally it will be.
Sushc performs the following checks:
Should it pass this then it reads the files contents line by line looking for "sushc" permission commands described below. It stops when either:
If, at that point, there has not been a "sushc permission command" that grants permission to run the script for the calling user then sushc will abort with an error. If however there is sushc will execute the script using the command "/bin/sh shell_script_file" where the "shell_script_file" is the name of the shellscript with the approprioate directory from the PATH environment pre-pended to it if applicable.
The remainder of the parameters are passed to the shellscript when executing the "/bin/sh" command.
In order to protect against sushc being used for privilege escalation attacks, and other cracking attempts, suschc removes a number of environment variables prior to executing the target script. These are:
The removals of any of these environment variables can be surpressed by including the line:
sushi -keep VARIABLE_NAME
# sushi -keep VARIABLE_NAME
At the top of the shell script with the sushc "permission" lines.
As mentioned, if the "sushc" executeable is run with the first parameter starting with the "-" character then it simply exits the program (returning 0 or SUCCESS). Should the first parameter be "--help" or "--version" then it will output the relevant information to the standard output. Anything other parameter starting with "-" it will exit silently.
However, when "sushc" executes a shell script, before dointg so it will read the file line by line looking for lines whose first non-space character starts with the words:
It comes up with a "hit" for these if they are the first words in a comment as well....
# sushc -grant
# sushc -revoke
# sushc -keep
The "susch" program reads the file line by line searching for the above until one of the following occurs...
If a "hit" occurs then "sushc" will perform the appropriate directive as described below. It is worth noting again that these are NOT commands. Normal shell replacement and escape characters have no effect, and can confuse the issue. These are interpreted by "sushc" before it invokes the "/bin/sh" command (which in turn would read the file again).
A list of the functionality and purpose of these directives are as follows:
The syntax to is:
# sushi -grant user_group user_group ...
This grants permissions for users to run the script. Usually "user_group" is simply the name of the user that can run the script. However, it can be one of the following:
||This user ("transfer" in the example) can execute this script using "sushc"|
||Any user who is a member of the group ("general" in the example) can run the script using "sushc". This is valid for both if the "primary group" is set to this, or if the user is a "member" of the specified group.|
||The user can run the script using "sushc" only if the user is a member of the specified group. The group can either be the "primary group" of the user, or the user can be a member of the group.|
||Anyone can run the script using "sushc". This can also be:
for compatibility reasons.
The syntax to is:
# sushi -revoke user_group user_group ...
This revokes permissions for users to run the script. This is really used as users are not granted permissions to run this by default. However, it could be useful if there is a scenario that all users except for those belonging to an individual group can run the script using "sushc".
The "user_group" syntax is the same as that in the "sushc -grant" command.
When using "-grant" and "-revoke" options together in the script then logic is evaluated in a line by line order, each line "overwriting" permissions granted or revoked before. Therefore, the following:
#!/bin/bash # # Grant permission to all except outside users # # sushc -grant : # sushc -revoke :outside # ...
would grant any user who is not a member of the "outside" group to run the script using "sushc", however the following:
#!/bin/bash # # THIS SCRIPT IS IN ERROR # IT DOES NOT GRANT PERMISSIONS AS INTENDED # # Grant permission to all except outside users # # sushc -revoke :outside # sushc -grant : # ...
Lets anyone run the script, as the "sushc -grant :" line overwrites the "sushc -revoke :outside" line.
The syntax to is:
# sushi -nocomment
After this directive line has been declared all other "sushc" directives (-grant, -revoke etc) cannot exist in a comment line. This can make things more readable in certain circumstances. For instance:
#!/bin/bash # # First - turn of enabling sushc directive in comments... sushc -nocomment # # A number of people can run this... # sushc -grant thomas sushc -grant richard # Harry temporary moved to another project for now... # sushc -grant harrold sushc -grant fiona ...
After the script has been validated and is being executed using "/bin/sh", the "susch -grant" commands will also be executed as well. however, this has no effect as when "sushc" is executed with the first parameter starting with "-" it simply exits immediately quietly.
The syntax is,,
# sushi -keep ENVIRONMENT_VAR ENVIRONMENT_VAR ...
This program prevents "sushc" from removing one or environment variables that it otherwise would do so. If any environment variables specified here do not exist, or not on the list then this command has no effect.
Shell type wild cards are honoured when matching ("*", "?" etc). These should not be "escaped" as this is a directive and interpreted when sushc reads the file prior to execution, not a command as such.
The syntax to is:
# sushi -end
After this directive line has been declared scanning by "susch" stops and all lines after it are ignored. For example:
#!/bin/bash # # A number of people can run this... # # sushc -grant thomas # sushc -grant richard # sushc -end # sushc -grant harold ...
would grant permission to run the script using "sushci" to "thomas" and "richard", but not "harold". Scanning also stops when a non "susch" command is encountered, so...
#!/bin/bash # # A number of people can run this... # # sushc -grant louise # sushc -grant helen echo "Program started..." # sushc -grant amanda ...
would grant permissions to "louise" and "helen", but not "amanda" as that grant occurs after the first command.