Calife is small program that enable a system administrator to become root (or another user) on his/her machines without giving the root password but his/her own.
The most interesting features of calife are:
- you keep your environment variables and shell aliases intact
- it has start and end of session logging
- you can have a list of all permitted logins for each calife user. That way, you can give a user newsmaster’s rights without giving out the
rootpassword
- you can specify a group in the configuration file instead of the logins of all administrators: Juste use @staff and all members of the staff will have access to calife
- calife can also be used to become users even if they have no home directory or even no shell. That’s very practical if you want to become uucp or even bin
- you can make calife runs a specific system-wide script at the end of the session (to send a mail about what was done as
rootfor example)
Availability
The latest release is now 3.0pre9, available at the primary site and the FTP mirrors here or there. As a last resort, you can use that one here. It has been signed with my PGP/GPG key (see here or a keyserver near you for the key) so please download the .sig file.
I have setup a Calife project in a Redmine instance on this machine. Please check it out.
Calife repositories in Mercurial (HG)
You can either use
hg clone URL local-directory
to pull these or browse the integrated web interface by clicking on the links below:
Main stable branch: Calife 2.8
New development branch: Calife 3.0/PAM
3.0pre9 hash is 9f47e558f7676066be6b0d5c4c1371a5.
NOTES on versions
2.8.6 is a security release after finding a possible buffer overflow in getpass(3) on Linux systems. 2.8.6 protects itself on all systems from this.
2.8.6-p2 is a minor upgrade to release the code for handling groups.
3.0 is now being worked on, the most important change is that 3.0 will be PAM compliant, allowing to separately manage password policy and means to obtain said password.
That way, we are now compatible with MacOS X 10.3 and up as the password is not available anymore through the usual getpwnam(3) API.
Relaxed mode in which one could use calife without a password has been deprecated and removed from the current source tree.
Calife is named after a very famous french comic taking place in an turkish/mideast country whereas the principal character – the Grand Vizir named “Iznogoud” – is always making plans to become “Calife” in place of the “Calife”.
![[Powered by PostgreSQL]](/images/pgsql-power.png)
![[Powered by FreeBSD]](/images/powerlogo.png)
![[Lynx supporter]](/images/lynxfull.png)
![[Powered by Apache]](/images/apachepower.png)
