OP. A Tool For Controlling Root on Unix
 
This page is for a version of op that is no longer maintained! Active development of op is being carried on by Alec Thomas at http://svn.swapoff.org/op.
 
Op is a tool for allowing users to run root privileged commands without the root password. It is described in detail in "Op: A Flexible Tool for Restricted Superuser Access" by Tom Christiansen. From this description Dave Koblas produced an impementation of op in C. Tom's original paper is included in this distribution in the file "op.paper". Differences between that design and the current implementation are noted in the file "op.changes".

I first came into contact with op at Octel in 1992. Over the years I added a couple of things, and ported it to architectures Octel cared about. Those included SunOS 4.1.x, Solaris 2.2 and greater, AIX, HP-UX 9.x, BSDI 1.1 and Linux 1.x. I added support for SecurID access control from Security Dynamics. This particular code has only been tested under SunOS and Solaris. I also enhanced the syslog stuff so it would log the command parameters that op executes as well as the command name. Support for Solaris shadow passwords was also added.

I left Octel in 1996, and payed little attention to op for over a year. Recently, I had a need for op on Linux 2.0. I had to tweak the shadow password implementation to get it to work. While I was at it I cleaned up some of the logging code. It seems to work quite well on Linux. I've tried hard not to break other platforms with my mods, so they probably still work too. 8).I will test this code on any platform I need to use it on. If you have ported or built this code on other platforms, I'd like to hear from you. You can reach me via email at hbo@egbok.com. I'll try to help out with bugs time permitting.

**** Disclaimer **** This code has been extensively tested only on the Sun architectures. We have noticed no egregious bugs on those platforms, but that's no guarantee such bugs don't exist. That goes double for the non-Sun architectures where testing has involved building, installing and running "op sh" once or twice.

I'm grateful to Tom Christiansen and Dave Koblas for the original design and implementation of op. I'm also grateful to all those folks who, like Tom and Dave, have made my life easier by giving away marvelous, useful source code. I'm happy to give a little bit back, at long last. 
/* +-------------------------------------------------------------------+ */
/* | Copyright 1991, David Koblas.                                     | */
/* |   Permission to use, copy, modify, and distribute this software   | */
/* |   and its documentation for any purpose and without fee is hereby | */
/* |   granted, provided that the above copyright notice appear in all | */
/* |   copies and that both that copyright notice and this permission  | */
/* |   notice appear in supporting documentation.  This software is    | */
/* |   provided "as is" without express or implied warranty.           | */
/* +-------------------------------------------------------------------+ */

	Ditto for my contributions which are Copyright (C) 1995, 1997 by
	Howard Owen. (hbo@egbok.com)
Download the gzipped tar archive: op-1.11.tar.gz
You'll need a gzip compiled for your architecture to decompress the above file.
Back to EGBOK Home