CODE IS DISTRIBUTED UNDER GNU GPL LICENSE. DETAILS CAN BE FOUND IN FILE
"LICENSE".

erup - enchanced regular user privileges
Current version is available at http://www.wijata.com/erup
This version is - see ChaneLog
Code written by Rafal Wijata http://www.wijata.com/
Idea given by Lukasz Wojtow <lw@wszia.edu.pl>

This module is meant to allow certain users (not root) do privileged
system calls.
Currently implemented calls are:
    - setuid
    - setgid
    - chroot
    - quotactl
    - setgroups

If You need more, mail me.

The kernel module manages a lists, which carry the information who can do what.
So if user foo is on the list and he's allowed to setuid() to user bar, he can
successfully call setuid(bar). Normally root privileges are required.
The same holds for others syscalls.

For lists manipulation a userspace program was created called erupmgr.
It uses kernel device (served by module) to talk to kernel.
It is a character device, usually called /dev/erup with major
number 122. For syntax and examples see help for erupmgr.

I also maintain a kernel patch, so erup can be build into kernel image.
I consider it's faster, but when You want remove the code - You have to
recompile whole kernel.

Instalation:
It's quite simple. Just type make (gmake).
When it compiles OK, type make install.
See Makefile for details.
One importand thing. Everyone who has write access to /dev/erup can manipulate
the kernel lists, so better chmod & chown it properly.

Why I did it ?
Well I have my reasons, like eliminating suexec from Apache, but in general,
You can use it everywhere where You've need sudo and similar stuff. As it
kernel based sollution You can consider it's buffer overflow (and others) safe.

There is a mailing list at eruplist@wijata.com
Subscribe at eruplist-subscribe@wijata.com
