Blame


1 ee814429 2020-06-29 xhr IMPORTANT
2 ee814429 2020-06-29 xhr =========
3 ee814429 2020-06-29 xhr
4 ee814429 2020-06-29 xhr This is a copy of garotosopa's xodo repository since he deleted the repo. Do not bother him with pull requests, bugs, etc! Of course, the original copyright stays intact!
5 ee814429 2020-06-29 xhr
6 97695aca 2020-06-29 xhr xodo
7 97695aca 2020-06-29 xhr ====
8 97695aca 2020-06-29 xhr
9 97695aca 2020-06-29 xhr Execute commands in Xorg as another user.
10 97695aca 2020-06-29 xhr
11 97695aca 2020-06-29 xhr ## Getting started
12 97695aca 2020-06-29 xhr
13 98157dba 2020-06-29 xhr $ ftp https://raw.githubusercontent.com/garotosopa/xodo/master/xodo.sh
14 98157dba 2020-06-29 xhr $ chmod +x xodo.sh
15 98157dba 2020-06-29 xhr $ doas mv -i xodo.sh /usr/local/bin/xodo
16 97695aca 2020-06-29 xhr
17 8ad21e87 2020-06-29 xhr If you don't have `doas` privilege for this, become `root` and copy the file accordingly.
18 97695aca 2020-06-29 xhr
19 97695aca 2020-06-29 xhr ## Usage
20 97695aca 2020-06-29 xhr
21 98157dba 2020-06-29 xhr $ doas xodo --setup firefox
22 98157dba 2020-06-29 xhr $ xodo firefox
23 97695aca 2020-06-29 xhr
24 8ad21e87 2020-06-29 xhr If you don't have `doas` privilege for the initial setup, become `root` and set up `xodo` with the `--for` option as described further below.
25 97695aca 2020-06-29 xhr
26 97695aca 2020-06-29 xhr ## Command-line options
27 97695aca 2020-06-29 xhr
28 98157dba 2020-06-29 xhr xodo <command> [--as <user>]
29 98157dba 2020-06-29 xhr xodo --setup <command> [--as <user>] [--for <user>]
30 98157dba 2020-06-29 xhr xodo --help
31 97695aca 2020-06-29 xhr
32 97695aca 2020-06-29 xhr ## Description
33 97695aca 2020-06-29 xhr
34 8ad21e87 2020-06-29 xhr The `xodo` utility authorizes another user to connect to the active Xorg display, then executes the given command as this other user. It's been developed to ease the steps for running desktop programs with different privileges than your own, so that a vulnerability doesn't compromise anything other than the program itself.
35 97695aca 2020-06-29 xhr
36 8ad21e87 2020-06-29 xhr Essentially, all `xodo` does is call `xauth` and `doas`, and it can also configure new users automatically with the `--setup` option.
37 97695aca 2020-06-29 xhr
38 8ad21e87 2020-06-29 xhr Before using `xodo` for executing a program, another user must exist, preferably for the sole purpose of running said program. It can be created either manually or using the `--setup` option, and the main user that's going to execute `xodo` must be allowed in `doas.conf` to execute the given command as this other user. This is already taken care of when using `xodo`'s `--setup` option. Unless told otherwise, this other user defaults to `<user>-<command>`.
39 97695aca 2020-06-29 xhr
40 98157dba 2020-06-29 xhr The command argument is mandatory and can either be an absolute or relative path, or just the command basename. In this latter case, the command is assumed to be in the current `PATH`. Arguments to the command being executed are not supported yet.
41 97695aca 2020-06-29 xhr
42 8ad21e87 2020-06-29 xhr Supported options are as follows:
43 97695aca 2020-06-29 xhr
44 97695aca 2020-06-29 xhr ### --as <user>
45 97695aca 2020-06-29 xhr
46 8ad21e87 2020-06-29 xhr When specified, this is the user as which the command is going to be executed, or the user that's going to be created when invoked with the `--setup` option.
47 97695aca 2020-06-29 xhr
48 8ad21e87 2020-06-29 xhr When omitted, the convention assumes `<user>-<command>`. During setup, the username part can be overridden with the `--for` option. Otherwise, the `$USER` environment variable is used.
49 97695aca 2020-06-29 xhr
50 97695aca 2020-06-29 xhr ### --for <user>
51 97695aca 2020-06-29 xhr
52 8ad21e87 2020-06-29 xhr When specified, this is the user that will be allowed to execute the command as another user. This option is only used with `--setup` for adding an entry to `doas.conf`.
53 97695aca 2020-06-29 xhr
54 8ad21e87 2020-06-29 xhr When omitted, the current username in the `$USER` environment variable is used.
55 97695aca 2020-06-29 xhr
56 98157dba 2020-06-29 xhr ### --help<br>-h
57 97695aca 2020-06-29 xhr
58 97695aca 2020-06-29 xhr Display basic usage syntax.
59 97695aca 2020-06-29 xhr
60 97695aca 2020-06-29 xhr ### --setup <command>
61 97695aca 2020-06-29 xhr
62 8ad21e87 2020-06-29 xhr Adds a new user and authorizes the current user to execute the given command as this new user, by appending an entry to `doas.conf`. The current user is also added to the new user's own group, in order to have access to its files.
63 97695aca 2020-06-29 xhr
64 98157dba 2020-06-29 xhr If the new user already exists, no user is added and the current user is not added to any group, but `doas.conf` still gets a new entry.
65 97695aca 2020-06-29 xhr
66 8ad21e87 2020-06-29 xhr Options `--as` and `--for` override the username being created and the existing user that will be allowed to execute the command, respectively.
67 97695aca 2020-06-29 xhr
68 8ad21e87 2020-06-29 xhr This option must be used as `root`, as it calls `useradd` and `usermod`, and writes to `/etc/doas.conf`.
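
An added check, not part of xodo or this repository: after `--setup` appends to `doas.conf`, this lists the rules that let a user run commands as the per-program account and shows whether each is limited to one command. The function names, the sample rules and the use of `nopass` are assumptions; the page does not show the exact entry xodo writes.

```shell
#!/bin/sh
# Added example, not xodo's code. Function names are hypothetical.

# README convention: the target account is <user>-<command basename>.
target_user_for() {
    printf '%s-%s\n' "$1" "$(basename "$2")"
}

# Constructed doas.conf content; the exact entry xodo writes is assumed.
sample_doas_conf() {
    cat <<'EOF'
# constructed sample rules
permit persist :wheel
permit nopass mike as mike-firefox cmd /usr/local/bin/firefox
permit nopass mike as mike-firefox
permit mike
permit nopass anna as anna-firefox cmd /usr/local/bin/firefox
EOF
}

# Read doas.conf on stdin; classify each permit rule for identity $1 that
# reaches target $2:
#   scoped    limited to one command via "cmd"
#   broad     names the target but no "cmd": any command as that user
#   any-user  no "as" clause: doas defaults to all target users
# Group identities (":wheel") and deny rules are not evaluated here.
audit_doas_rules() {
    awk -v id="$1" -v tgt="$2" '
        /^[ \t]*(#|$)/ { next }
        $1 != "permit" { next }
        {
            i = 2
            while (i <= NF && $i ~ /^(nopass|nolog|persist|keepenv|setenv)$/) {
                if ($i == "setenv") while (i <= NF && $i != "}") i++
                i++
            }
            if ($i != id) next
            target = ""; cmdarg = ""
            for (j = i + 1; j <= NF; j++) {
                if ($j == "as" && target == "") target = $(j + 1)
                if ($j == "cmd") { cmdarg = $(j + 1); break }
            }
            if (target == "") { print "any-user: " $0; next }
            if (target != tgt) next
            label = (cmdarg == "" ? "broad" : "scoped")
            print label ": " $0
        }'
}

sample_doas_conf | audit_doas_rules mike "$(target_user_for mike /usr/local/bin/firefox)"
```

In `doas.conf` the last matching rule decides, so review the flagged lines in file order.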
69 97695aca 2020-06-29 xhr
70 97695aca 2020-06-29 xhr ## Examples
71 97695aca 2020-06-29 xhr
72 8ad21e87 2020-06-29 xhr Configure a separate user for Mike to execute Firefox:
73 97695aca 2020-06-29 xhr
74 98157dba 2020-06-29 xhr mike$ doas xodo --setup firefox
75 97695aca 2020-06-29 xhr
76 8ad21e87 2020-06-29 xhr This assumes that Mike is permitted in `doas.conf` to execute `xodo` as `root`. If that's not so, `root` should be used directly for setting this up for Mike:
77 97695aca 2020-06-29 xhr
78 98157dba 2020-06-29 xhr root# xodo --setup firefox --for mike
79 97695aca 2020-06-29 xhr
80 98157dba 2020-06-29 xhr Either way, now Mike can execute Firefox as the user **mike-firefox**, so
81 97695aca 2020-06-29 xhr that any vulnerability in Firefox wouldn't compromise Mike's files:
82 97695aca 2020-06-29 xhr
83 98157dba 2020-06-29 xhr mike$ xodo firefox
84 97695aca 2020-06-29 xhr
85 8ad21e87 2020-06-29 xhr To create a user different than the `<user>-<command>` convention, use the `--as` option during setup:
86 97695aca 2020-06-29 xhr
87 8ad21e87 2020-06-29 xhr root# xodo --setup firefox --for mike --as mike-web
88 97695aca 2020-06-29 xhr
89 98157dba 2020-06-29 xhr Then specify this different user when executing `xodo`:
90 97695aca 2020-06-29 xhr
91 8ad21e87 2020-06-29 xhr mike$ xodo firefox --as mike-web
92 97695aca 2020-06-29 xhr
93 97695aca 2020-06-29 xhr ## See also
94 97695aca 2020-06-29 xhr
95 97695aca 2020-06-29 xhr * [doas(1)](http://man.openbsd.org/OpenBSD-current/man1/doas.1)
96 97695aca 2020-06-29 xhr * [doas.conf(5)](http://man.openbsd.org/OpenBSD-current/man5/doas.conf.5)
97 97695aca 2020-06-29 xhr * [xauth(1)](http://man.openbsd.org/OpenBSD-current/man1/xauth.1)