.\" Automatically generated by Pandoc 2.2.1
.\"
.TH "please" "1" "25 April 2021" "please 0.4.1" "User Manual"
.hy
.SH NAME
.PP
please \- a tool for access elevation.
.SH SYNOPSIS
.PP
\f[B]please /bin/bash\f[]
.PP
\f[B]pleaseedit /etc/fstab\f[]
.PP
\f[B]pleaseedit [\-r/\-\-reason "new fs"] /etc/fstab\f[]
.PP
\f[B]please [\-c/\-\-check] /etc/please.ini\f[]
.PP
\f[B]please [\-d/\-\-dir] [dir] command\f[]
.PP
\f[B]please [\-h/\-\-help]\f[]
.PP
\f[B]please [\-t/\-\-target username] backup tar \-cvf \- /home/data |
\&...\f[]
.PP
\f[B]please [\-u/\-\-user username] backup tar \-cvf \- /home/data |
\&...\f[]
.PP
\f[B]please [\-l/\-\-list]\f[]
.PP
\f[B]please [\-l/\-\-list] [\-t/\-\-target username]\f[]
.PP
\f[B]please [\-l/\-\-list] [\-u/\-\-user username]\f[]
.PP
\f[B]please [\-n/\-\-noprompt] command\f[]
.PP
\f[B]please [\-r/\-\-reason "sshd reconfigured, ticket 24365"]
/etc/init.d/ssh restart\f[]
.PP
\f[B]please [\-p/\-\-purge]\f[]
.PP
\f[B]please [\-w/\-\-warm]\f[]
.SH DESCRIPTION
.PP
\f[B]please\f[] and \f[B]pleaseedit\f[] are sudo alternatives that have
regex support and a simple approach to ACL.
.PP
The aim is to allow admins to delegate accurate principle of least
privilege access with ease.
\f[B]please.ini\f[] allows for very specific and flexible regex defined
permissions.
.PP
\f[B]pleaseedit\f[] adds a layer of safety to editing files.
The file is copied to /tmp, where it can be updated.
When \f[B]EDITOR\f[] exits cleanly the file is copied alongside the
target, the file will then be renamed over the original, but if a
\f[B]exitcmd\f[] is configured it must exit cleanly first.
.TP
.B \f[B]\-c\f[]/\f[B]\-\-check file\f[]
will check the syntax of a \f[B]please.ini\f[] config file.
Exits non\-zero on error
.RS
.RE
.TP
.B \f[B]\-d\f[]/\f[B]\-\-dir\f[]
will change directory to \f[B]dir\f[] prior to executing the command
.RS
.RE
.TP
.B \f[B]\-h\f[]/\f[B]\-\-help\f[]
print help and exit
.RS
.RE
.TP
.B \f[B]\-l\f[]/\f[B]\-\-list\f[]
to list rules
.RS
.RE
.TP
.B \f[B]\-n\f[]/\f[B]\-\-noprompt\f[]
will not prompt for authentication and exits with a status of 1
.RS
.RE
.TP
.B \f[B]\-p\f[]/\f[B]\-\-purge\f[]
will purge your current authentication token for the running user
.RS
.RE
.TP
.B \f[B]\-r\f[]/\f[B]\-\-reason\f[] \f[B][reason]\f[]
will add \f[B]reason\f[] to the system log
.RS
.RE
.TP
.B \f[B]\-t\f[]/\f[B]\-\-target\f[] \f[B][username]\f[]
to execute command, or edit as target \f[B]username\f[]
.RS
.RE
.TP
.B \f[B]\-u\f[]/\f[B]\-\-user\f[] \f[B][username]\f[]
to execute command, or edit as target \f[B]username\f[]
.RS
.RE
.TP
.B \f[B]\-v\f[]/\f[B]\-\-version\f[]
print version and exit
.RS
.RE
.TP
.B \f[B]\-w\f[]/\f[B]\-\-warm\f[]
will warm an authentication token and exit
.RS
.RE
.SH EXAMPLE USAGE
.TP
.B \f[B]please \-t httpd /bin/bash\f[]
run a shell as the httpd user
.RS
.RE
.TP
.B \f[B]please \-l\f[]
to list what you may run
.RS
.RE
.TP
.B \f[B]please \-t "username" \-l\f[]
to show what username may run.
\f[B]username\f[] must match the target regex in a \f[B]type=list\f[]
rule
.RS
.RE
.TP
.B \f[B]please \-r \[aq]reloading apache2, change #123\[aq] systemctl reload apache2\f[]
to reload apache2 with a reason
.RS
.RE
.TP
.B \f[B]pleaseedit \-r \[aq]adding new storage, ticket #24365\[aq] /etc/fstab\f[]
to use pleaseedit to modify \f[B]fstab\f[]
.RS
.RE
.PP
Please see \f[B]please.ini\f[] for configuration examples.
.SH FILES
.PP
/etc/please.ini
.SH CONTRIBUTIONS
.PP
I welcome pull requests with open arms.
New features always considered.
.SH BUGS
.PP
Found a bug?
Please either open a ticket or send a pull request/patch.
.SH SEE ALSO
.PP
\f[B]please.ini\f[](5)
.SH AUTHORS
Ed Neville (ed\-please\@s5h.net).