+-------+
|glacier|
+-------+
DANGER
------
Do not run the Makefile or any of these scripts unless you are sure you
understand their function, or you are working in a disposable instance (e.g. a
container)! This package exists to allow you to change the root password on
your system to something you do not have memorized, and which cannot be viewed
except through the ``glacier``executable. This is dangerous.
Intro
-----
In pharmacies, certain drugs are put in a time-delay safe, which means there is
a fixed lag between the retrieval request and the time the safe is able to open
(say maybe 15 minutes). This package is an implementation of this system for
file viewing and editing. It allows a user to "freeze" a file such that it
cannot be edited until they have waited for some prespecified interval after
the initial request is made.
It works by:
1. Allowing you to set the root password to e.g. a long alphanumeric string,
which is stored in a file only readable by root (600 permissions).
2. Forcing all users to use the root password in order to run commands as super
user.
3. Only allowing reads of the root password file via the ``glacier``
executable, and forcing the user to wait a configurable amount of time before
the contents are readable.
4. Adding a user group ``%glacier`` which allows its users to run the
``glacier`` executable as sudo, without prompting for a password.
Changing or viewing the root psssword will also be locked behind a time-delay,
and will only be possible via use of the ``glacier`` executable.
Installation
------------
1. Edit ``glacier.sh`` to set the delay in seconds. Make this very small to begin with, to avoid danger.
2. Run ``make`` to install the main executable.
3. Run ``make rootpass`` to generate the frozen root password file. If you want to keep you current root password, just type that in the editor.
4. In ``/etc/sudoers``, USING ``visudo``, add this line:
Defaults rootpw
5. Reboot machine, and run ``groups`` before testing to make sure current user belongs to ``glacier`` group.
Usage
-----
glacier (display rootpass)
glacier -a <URL> (append <URL> to /etc/hosts)