.\" Automatically generated by Pandoc 2.9.2.1
.\"
.TH "please" "1" "10 June 2022" "please 0.5.3" "User Manual"
.hy
.SH NAME
.PP
please - a tool for access elevation.
.SH SYNOPSIS
.PP
\f[B]please /bin/bash\f[R]
.PP
\f[B]pleaseedit /etc/fstab\f[R]
.PP
\f[B]pleaseedit [-r/--reason \[dq]new fs\[dq]] /etc/fstab\f[R]
.PP
\f[B]pleaseedit [-g/--group groupname] filename\f[R]
.PP
\f[B]pleaseedit [-t/--target username] filename\f[R]
.PP
\f[B]please [-a/--allowenv list]\f[R]
.PP
\f[B]please [-c/--check] /etc/please.ini\f[R]
.PP
\f[B]please [-d/--dir directory] command\f[R]
.PP
\f[B]please [-e/--env environment] command\f[R]
.PP
\f[B]please [-g/--group groupname] command\f[R]
.PP
\f[B]please [-h/--help]\f[R]
.PP
\f[B]please [-t/--target username] backup tar -cvf - /home/data |
\&...\f[R]
.PP
\f[B]please [-u/--user username] backup tar -cvf - /home/data |
\&...\f[R]
.PP
\f[B]please [-l/--list]\f[R]
.PP
\f[B]please [-l/--list] [-t/--target username]\f[R]
.PP
\f[B]please [-l/--list] [-u/--user username]\f[R]
.PP
\f[B]please [-n/--noprompt] command\f[R]
.PP
\f[B]please [-r/--reason \[dq]sshd reconfigured, ticket 24365\[dq]]
/etc/init.d/ssh restart\f[R]
.PP
\f[B]please [-p/--purge]\f[R]
.PP
\f[B]please [-w/--warm]\f[R]
.SH DESCRIPTION
.PP
\f[B]please\f[R] and \f[B]pleaseedit\f[R] are sudo alternatives that
have regex support and a simple approach to ACL.
.PP
The aim is to allow admins to delegate accurate principle of least
privilege access with ease.
\f[B]please.ini\f[R] allows for very specific and flexible regex defined
permissions.
.PP
\f[B]pleaseedit\f[R] adds a layer of safety to editing files.
The file is copied to /tmp, where it can be updated.
When \f[B]EDITOR\f[R] exits cleanly the file is copied alongside the
target, the file will then be renamed over the original, but if a
\f[B]exitcmd\f[R] is configured it must exit cleanly first.
.TP
\f[B]-a\f[R]/\f[B]--allowenv list\f[R]
allow environments separated by \f[B],\f[R] to be passed through
.TP
\f[B]-c\f[R]/\f[B]--check file\f[R]
will check the syntax of a \f[B]please.ini\f[R] config file.
Exits non-zero on error
.TP
\f[B]-d\f[R]/\f[B]--dir\f[R]
will change directory to \f[B]dir\f[R] prior to executing the command
.TP
\f[B]-g\f[R]/\f[B]--group groupname\f[R]
run or edit as groupname
.TP
\f[B]-h\f[R]/\f[B]--help\f[R]
print help and exit
.TP
\f[B]-l\f[R]/\f[B]--list\f[R]
to list rules
.TP
\f[B]-n\f[R]/\f[B]--noprompt\f[R]
will not prompt for authentication and exits with a status of 1
.TP
\f[B]-p\f[R]/\f[B]--purge\f[R]
will purge your current authentication token for the running user
.TP
\f[B]-r\f[R]/\f[B]--reason\f[R] \f[B][reason]\f[R]
will add \f[B]reason\f[R] to the system log
.TP
\f[B]-t\f[R]/\f[B]--target\f[R] \f[B][username]\f[R]
to execute command, or edit as target \f[B]username\f[R]
.TP
\f[B]-u\f[R]/\f[B]--user\f[R] \f[B][username]\f[R]
to execute command, or edit as target \f[B]username\f[R]
.TP
\f[B]-v\f[R]/\f[B]--version\f[R]
print version and exit
.TP
\f[B]-w\f[R]/\f[B]--warm\f[R]
will warm an authentication token and exit
.SH EXAMPLE USAGE
.TP
\f[B]please -t httpd /bin/bash\f[R]
run a shell as the httpd user
.TP
\f[B]please -l\f[R]
to list what you may run
.TP
\f[B]please -t \[dq]username\[dq] -l\f[R]
to show what username may run.
\f[B]username\f[R] must match the target regex in a \f[B]type=list\f[R]
rule
.TP
\f[B]please -r \[aq]reloading apache2, change #123\[aq] systemctl reload apache2\f[R]
to reload apache2 with a reason
.TP
\f[B]pleaseedit -r \[aq]adding new storage, ticket #24365\[aq] /etc/fstab\f[R]
to use pleaseedit to modify \f[B]fstab\f[R]
.PP
Please see \f[B]please.ini\f[R] for configuration examples.
.SH FILES
.PP
/etc/please.ini
.SH CONTRIBUTIONS
.PP
I welcome pull requests with open arms.
New features always considered.
.SH BUGS
.PP
Found a bug?
Please either open a ticket or send a pull request/patch.
.SH SEE ALSO
.PP
\f[B]please.ini\f[R](5)
.SH AUTHORS
Ed Neville (ed-please\[at]s5h.net).