Super is a setuid-root program that offers

    o  restricted setuid-root access to executables, adjustable
        on a per-program and per-user basis;

    o  a relatively secure environment for scripts, so that well-written
        scripts can be run as root (or some other uid/gid), without
        unduly compromising security.

See pkg/DESCR for a comparson w/sudo.

5 files changed, 96 insertions, 0 deletions

diff --git a/security/super/Makefile b/security/super/Makefile
new file mode 100644
index 00000000000..4d0260e3cc9
--- /dev/null
+++ b/security/super/Makefile
@@ -0,0 +1,34 @@
+# ex:ts=8
+# Ports collection makefile for:  foo
+# Version required:     	  3.9.7
+# Date created:			  Fri Mar 18, 1997
+# Whom:				  David O'Brien (obrien@FreeBSD.org)
+#
+# $Id: Makefile,v 1.2 1997/01/25 18:08:40 obrien Exp $
+#
+
+DISTNAME=	super-3.9.7
+CATEGORIES=	security sysutils
+MASTER_SITES=	ftp://phobos.caltech.edu/users/will/
+EXTRACT_SUFX=	.shar.gz
+
+MAINTAINER=     obrien@NUXI.com
+
+EXTRACT_CMD=	zcat
+EXTRACT_BEFORE_ARGS=
+EXTRACT_AFTER_ARGS=	|sed -e '1,/Cut Here/d'|sh
+MAN1=		super.1 setuid.1
+MAN5=		super.5
+
+
+post-install:
+	@strip ${PREFIX}/bin/super ${PREFIX}/bin/setuid
+	@${MKDIR} ${PREFIX}/share/examples
+	@${INSTALL} ${WRKSRC}/sample.tab ${PREFIX}/share/examples
+	@${INSTALL} ${WRKSRC}/sample.cdmount ${PREFIX}/share/examples
+.if !defined(NOPORTDOCS)
+	@${MKDIR} ${PREFIX}/share/doc/super
+	${INSTALL_MAN} ${WRKSRC}/README ${PREFIX}/share/doc/super
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/super/distinfo b/security/super/distinfo
new file mode 100644
index 00000000000..4c5aaa81cfe
--- /dev/null
+++ b/security/super/distinfo
@@ -0,0 +1 @@
+MD5 (super-3.9.7.shar.gz) = f554d775b06b7f57af9a0c93fb058c2d
diff --git a/security/super/pkg-comment b/security/super/pkg-comment
new file mode 100644
index 00000000000..3c4199465c2
--- /dev/null
+++ b/security/super/pkg-comment
@@ -0,0 +1 @@
+Allow others to run commands as root.
diff --git a/security/super/pkg-descr b/security/super/pkg-descr
new file mode 100644
index 00000000000..ef2e077e8f8
--- /dev/null
+++ b/security/super/pkg-descr
@@ -0,0 +1,52 @@
+Super is a setuid-root program that offers
+
+    o  restricted setuid-root access to executables, adjustable
+	on a per-program and per-user basis;
+
+    o  a relatively secure environment for scripts, so that well-written
+	scripts can be run as root (or some other uid/gid), without
+	unduly compromising security.
+
+Sample uses:
+    -  to call a script that allows users to use mount(8) on
+	cdrom's or floppy disks, but not other devices.
+
+    -  to restrict which users, on which hosts, may execute a
+	setuid-root program.
+
+    -  to allow groups of trusted users (e.g. an "operator" group) complete
+	root access to sets of selected commands such as, say, line-printer
+	control commands, without giving away access to other commands,
+	and with full logging of all commands used.
+
+
+Super and sudo
+--------------
+Sudo --
+    Sudo allows a permitted user to execute a command as the superuser.
+    Its central design philosophy is that each user can be
+    trusted when executing certain commands.  This is implemented
+    by allowing each user to execute the restricted commands for
+    which s/he is trusted, without giving access to other restricted commands.
+
+Super --
+    The design philosophy behind super is two-fold:
+    (a) some users can be trusted when executing certain commands;
+    (b) there are some commands, such as a script to mount CDROM's,
+	which you'd like to be safely executable even by users who
+	are NOT trusted.  Although setuid-root scripts are insecure,
+	a good setuid-root wrapper around a sensible non-setuid script
+	can be hard to break, and super provides that wrapper so that
+	even a non-trusted user can use the scripts.
+
+In the author's view, the main differences to the administrator are:
+
+    (1) the files that specify valid user/command combinations have
+	a different look and feel.
+
+    (2) super provides a safe wrapper for scripts, so that a
+	well-written script can be run safely by ordinary
+	users without having to actually trust them.
+
+
+-- David	(obrien@FreeBSD.org)
diff --git a/security/super/pkg-plist b/security/super/pkg-plist
new file mode 100644
index 00000000000..a6c6e48edde
--- /dev/null
+++ b/security/super/pkg-plist
@@ -0,0 +1,8 @@
+bin/super
+bin/setuid
+man/man1/super.1.gz
+man/man1/setuid.1.gz
+man/man5/super.5.gz
+share/examples/sample.tab
+share/examples/sample.cdmount
+share/doc/super/README