udo

udo

sudo without the surplus

udo (/juː duː/) is a cross-platform CLI for running commands as another user. In other words, it's an alternative to sudo and OpenDoas. It's written in Rust, but unlike most projects this is not entirely for memory safety reasons. Rather, it is to take advantage of the Rust ecosystem's extensive CLI libs.

If you take interest in udo, please read the Word of Warning section first

Features

• Beautiful output with support for icons.
• Human-readable .toml config file.
• Support for running as any user.
• Setting and management of environment variables, unsetting unsafe variables.

Motivation

The main motivation for udo was for my own usage. I wanted a suid tool which had nice output, easy to understand configuration, and which provided a modern CLI. I decided to release it because I figured I couldn't be the only one. doas is nice in that it's far more simple than sudo, but it's still boring. I doubt this will be a common sentiment — most people want their suid tool to be boring.

Goals

udo does not aim for feature parity with sudo, nor does it aim to be usable in complex or security-critical environments (e.g. servers).

• Beautiful, configurable output.
• Easily readable and editable formats.
• Secure enough for home use.
• Take full advantage of modern Rust crates (e.g. crossterm, serde, clap).
• Sit between doas and sudo in terms of complexity.

Installation

udo currently is not packaged for any distro. This creates some difficulty in installation, as programs like sudo or udo need to be owned by root and have the suid permission bit set. Get the binary from the prebuilt releases or using cargo install udo, and then run the following as root:

chown root <path/to/udo>
chmod u+s <path/to/udo>

You will also need to create a PAM configuration file, usually at /etc/pam.d/udo. This file should be owned by root and have mode 644. This file will differ based on your system, but a valid file for MacOS looks like this:

auth       required       pam_opendirectory.so
account    required       pam_opendirectory.so

Usage

A modern replacement for sudo/doas

Usage: udo [OPTIONS] [command]...

Arguments:
  [command]...  The command to run

Options:
  -e, --preserve-env  Preserve environment variables
  -n, --nocheck       Skips validating the permissions and owner of udo
  -u, --user <user>   [default: root]
  -c, --clear         Clear the login cache
  -s, --shell
  -l, --login
  -h, --help          Print help
  -V, --version       Print version```

Configuration

udo's configuration file is located at /etc/udo/config.toml. Below is an example configuration showing all available options:

# Customises how udo looks
[display]
# Whether output should contain colors
color = true
# Whether output should use unicode symbols
unicode = true
# Whether output should use nerd icons
nerd = true
# Whether the password prompt should censor your password 
censor = true
# Whether the password/placeholder should be displayed at all
display_pw = true

# More granular customisation of output
[display.theme]
replace_char = '•'

# Security settings
[security]
# How long a cached password run should last. Cached runs are stored by uid, tty, and parent pid
timeout = 10
# Number of password attempts before failure
tries = 3
# The PATH variable to set. If unset, the entire PATH will be preserved
safe_path = "/usr/bin:/usr/local/bin:[etc]" 

# [[rules]] is an array of rules
[[rules]]
# target sets the user it targets. Like sudo, groups are prefixed with %
target = "%admin"
# hostname the rule applies to 
host = "ALL"
# do as user the rule applies to
user = "root"
# commands the rule applies to
command = "ALL"

# So this rule allows users of group %admin to run any command on any hostname as root
# Equivalent to the sudo rule %admin ALL=(root) ALL

A Word of Warning

I am not really a Unix developer, nor am I used to writing secure tools. This tool was created for my own use and as a learning exercise. I do have an interest in making it better for general usage, but I don't know where to start. If you use udo, please be aware that it probably will break, have vulnerabilities, fail to execute commands correctly, and more. This will be the case until it reaches v1.0.0

I would like udo to be robust enough that it can be the sole suid tool installed on some systems some day but it is nowhere near that point. In addition, by installing it you are probably increasing your attack surface dramatically. I'm proud of this piece of software, but it is still very much a work in progress.