GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → miheerdew → Delayed Admin

miheerdew / Delayed Admin

Licence: mit
A self-control tool for system administrators.

Programming Languages

shell
77523 projects

Labels

sudo

Projects that are alternatives of or similar to Delayed Admin

suex
execute commands as another user
Stars: ✭ 39 (+8.33%)
Mutual labels:  sudo
sudohulk
try privilege escalation changing sudo command
Stars: ✭ 114 (+216.67%)
Mutual labels:  sudo
Impost3r
👻Impost3r -- A linux password thief
Stars: ✭ 355 (+886.11%)
Mutual labels:  sudo
pam pwnd
A PAM module to test passwords against previous leaks at haveibeenpwned.com
Stars: ✭ 33 (-8.33%)
Mutual labels:  sudo
wsudo
Proof of concept sudo for Windows
Stars: ✭ 71 (+97.22%)
Mutual labels:  sudo
OpencvInstallation
shell script for openCV installation and configuration in linux based system. Most easy way to configue openCV, you only need to run opencv.sh shell file.
Stars: ✭ 16 (-55.56%)
Mutual labels:  sudo
go-gtfo
gtfo, now with the speed of golang
Stars: ✭ 59 (+63.89%)
Mutual labels:  sudo
Freeipa
Mirror of FreeIPA, an integrated security information management solution
Stars: ✭ 520 (+1344.44%)
Mutual labels:  sudo
createprocess-windows
A complete, robust command-line utility to construct highly customized calls to the CreateProcess() Windows API. Released under a MIT or LGPL license.
Stars: ✭ 74 (+105.56%)
Mutual labels:  sudo
Electron Sudo
Electron subprocesses with administrative privileges, prompting the user with an OS dialog if necessary.
Stars: ✭ 336 (+833.33%)
Mutual labels:  sudo
win-sudo
Add `sudo` command to Git Bash
Stars: ✭ 145 (+302.78%)
Mutual labels:  sudo
kakoune-sudo-write
Write to files using 'sudo'
Stars: ✭ 24 (-33.33%)
Mutual labels:  sudo
sudo
Development repository for sudo cookbook
Stars: ✭ 119 (+230.56%)
Mutual labels:  sudo
dotfiles
Cross platform home directory settings
Stars: ✭ 17 (-52.78%)
Mutual labels:  sudo
Ansible Role Security
Ansible Role - Security
Stars: ✭ 398 (+1005.56%)
Mutual labels:  sudo
ubuntu-vnc-xfce-g3
Headless Ubuntu/Xfce containers with VNC/noVNC (Generation 3)
Stars: ✭ 83 (+130.56%)
Mutual labels:  sudo
Qubes-scripts
Scripts that help with administration and usage of Qubes OS
Stars: ✭ 33 (-8.33%)
Mutual labels:  sudo
Sudo
sudo for windows
Stars: ✭ 648 (+1700%)
Mutual labels:  sudo
Gbt
Highly configurable prompt builder for Bash, ZSH and PowerShell written in Go.
Stars: ✭ 457 (+1169.44%)
Mutual labels:  sudo
Pam reattach
Reattach to the user's GUI session on macOS during authentication (for Touch ID support in tmux)
Stars: ✭ 262 (+627.78%)
Mutual labels:  sudo
View All Similar Projects ➔

Build Status

Delayed Admin

A tool for administrators to (temporarily) drop admin privileges - to use tools like Parental Controls, Self Control, etc., on themselves!

The code has been tested on MacOS and Ubuntu, but it should work for other unix like systems too.

Feel free to open a new issue if you have any suggestions, questions or feedback!

Warning

It is possible to lock yourself out of admin privileges while you play around with this project. To prevent this, keep another administrator account which you can access if things go wrong. (BTW, if you wish to lock that password up somewhere online see Lockbox).

Tutorials

Tutorial for linux by SK.

How does it work?

First an analogy

Say you have a box containing an endless supply of candies, and that lately you have been eating lot more candy than you should be. After all, whenever you have an impulse to eat candy, it is so easy to just open the box and grab one. It's so hard to fight the craving!

Now, imagine instead that the box had a mechanism to ensure that it only opened 20 min after you tell it to. Then it would be much easier to resist the temptation of eating the candy, because even though the craving is there, there is nothing you can do about it, at least for the next 20 minutes.

This is the principle Delayed Admin is based upon. It gives you a delayed access to admin privileges (the candy-box).

The technical bit

On installation, a new group called delayed-admin is created with an entry in the sudoers file allowing anyone in the delayed-admin group to run the script /usr/local/bin/delayed as root. The delayed script simply sleeps for some amount of time (as specified in /etc/delayed-admin.conf) and runs the command in its argument as root.

Why would anyone use this?

Self-control. Suppose Anand runs MacOS/Linux on his laptop. He wants to enforce a no-screen time and restrict his visits to certain websites. Sure, he can install a parental control app, or change some settings, or use url-blacklists. But being an administrator for his laptop, he can also uninstall that program, or remove those settings anytime.

This is where Delayed Admin would help. Anand only retains a delayed administrator access so that he can still do the routine system update or any other administrator stuff that he wants, but only after waiting for 20 minutes. Basically, this deters him from taking administator actions at whim, allowing only for deliberate ones.

In this example he would set up those parental controls, and then use delayed to deter him from disabling them.

How to use it?

Install

To install, change to the delayed-admin directory and run:

sudo ./setup.sh install

This will go through a couple of actions. Ensure that the installation was successful before moving further.

Usage

There are two ways to use Delayed-Admin: using either the timed lock or the unlock delay.

  1. Timed Lock: This will pause administrator access till the specified period of time.

    For instance, if Anand wants to forgo his administrator access for the next 2 hours, he can run:

    sudo ./abdicate.sh "now+2hr"

    He will now be an ordinary user for the next 2 hours, after which he will regain administrator access. The time argument is the time at which the administrator access should be regained.

    See man at for the syntax permitted by the last argument (e.g on Fedora you might have to say "now + 2 hour"). You might have to log out for changes to completely take effect.

  2. Unlock Delay: This is a slightly more complicated concept, but it is at the heart of Delayed-Admin. The analogy describes this, and you also can think of it as back door to admin privileges, that requires a delay to open.

    To see the usage, let us take a scenario. Suppose Anand has already set up a program that logs him out between 10 PM-6 AM. Now, he doesn't wants to use his administrator access impulsively so he installs Delayed-Admin. After this he should:

    • Lock his administrator access

      ./admin-helper.sh lock

      That is it. But depending on your OS, you might have to log out for changes to completely take effect. Now he doesn't have sudo access.

      ./admin-helper.sh status
# Admin access is locked

sudo whoami
# Sorry, user Anand is not allowed to execute as root

    • Until he wants to use his administrator access again. Then he can either run the delayed command, or unlock his administrator access using admin-helper. But neither of these actions will be instantaneous.

      sudo delayed whoami
# Wait for 30s before returning 
# root

sudo delayed
# Wait for 30s before returning a root shell

./admin-helper.sh unlock
# Wait for 30s before unlocking

# Now this works.
sudo whoami
# root

      He can, of course, change the delay to a larger value by editing the file /etc/delayed-admin.conf

      Exercise: After following the above instructions, change the value of delay from 30s to 1200s (i.e 20min).

Uninstall

First, unlock yourself if your admin-access is locked. Then, to undo the changes made during the install step, run:

sudo ./setup.sh uninstall

License

See the LICENSE file for license rights and limitations (MIT)

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].