Calife is small program that enable a UNIX system administrator to become root (or another user) on his/her machines without giving the root password but his/her own.
The most interesting features of calife are:
- you keep your environment variables and shell aliases intact
- it has start and end of session logging
- you can have a list of all permitted logins for each calife user. That way, you can give a user newsmaster’s rights without giving out the
rootpassword
- you can specify a group in the configuration file instead of the logins of all administrators: Juste use @staff and all members of the staff will have access to calife
- calife can also be used to become users even if they have no home directory or even no shell. That’s very practical if you want to become uucp or even bin
- you can make calife runs a specific system-wide script at the end of the session (to send a mail about what was done as
rootfor example)
Availability
The latest release is now 3.0.1, available at the primary site. Sorry, there is no FTP mirror for the moment. It has been signed with my PGP/GPG key (see here or a keyserver near you for the key) so please download the .sig file.
I have now setup a Calife project in a Redmine instance on this machine. Please check it out.
Calife repositories in Mercurial (HG)
You can either use
hg clone URL local-directory
to pull these or browse the integrated web interface by clicking on the links below:
Main branch:
Calife 3.0/PAM
3.0.1 md5 hash is f9734d184d33e196a0bbfee8b6aa3f97.
Oldish stable branch:
Calife 2.8
NOTES on versions
2.8.6 is a security release after finding a possible buffer overflow in getpass(3) on Linux systems. 2.8.6 protects itself on all systems from this.
2.8.6-p2 is a minor upgrade to release the code for handling groups.
3.0 has been released (see here), the most important change is that 3.0 is PAM compliant, allowing to separately manage password policy and means to obtain said password.
That way, we are now compatible with MacOS X 10.3+ and up as the password is not available anymore through the usual getpwnam(3) API.
Relaxed mode in which one could use calife without a password has been deprecated and removed from the current source tree.
Calife is named after a very famous french comic taking place in an turkish/mideast country whereas the principal character – the Grand Vizir named “Iznogoud” – is always making plans to become “Calife” in place of the “Calife”.

![[Powered by PostgreSQL]](http://static.keltia.net/images/pgsql-power.png)
![[Powered by FreeBSD]](http://static.keltia.net/images/powerlogo.png)

![[Lynx supporter]](http://static.keltia.net/images/lynxfull.png)
![[Powered by Apache]](http://static.keltia.net/images/apachepower.png)