RootAsRole β A better alternative to sudo(-rs)/su β’ β‘ Blazing fast β’ π‘οΈ Memory-safe β’ π Security-oriented
RootAsRole is a Linux/Unix privilege delegation tool based on Role-Based Access Control (RBAC). It empowers administrators to assign precise privileges β not full root β to users and commands.
π Full Documentation for more details
Most Linux systems break the Principle of Least Privilege. Tools like sudo give full root, even if you just need one capability like CAP_NET_RAW.
RootAsRole solves this:
- Grants only the required capabilities
- Uses roles and tasks to delegate rights securely
- Better than
sudo,doas,setcap, orpam_cap, see Comparison table below
- A structured access control model based on Roles
- Linux Capabilities support
- Highly configurable
- Command matching with glob for binary path and PCRE2 for command arguments
- π οΈ Configuration Helpers:
| Feature | setcap?? | doas | sudo | sudo-rs | dosr (RootAsRole) |
|---|---|---|---|---|---|
| Change user/groups | N/A | β | β | β | β β mandatory or optional |
| Environment variables | N/A | partial | β | partial | β |
| Specific command matching | N/A | strict | strict & regex | strict & wildcard | strict & regex |
| Centralized policy | β | β | β | β | Planned |
| Secure signal forwarding | N/A | β | β | β | Planned |
| Set capabilities | β | β | β | β | |
| Prevent direct privilege escalation | β | β | β | β | β |
| Untrust authorized users | β | β | β | β | β |
| Standardized policy format | β | β | β | β | β |
| Scalable access control model | N/A | β ACL | β ACL | β ACL | β RBAC |
We really need your help to bring the project to Linux distributions repositories! Please contribute π!
git clone https://aur.archlinux.org/dosr.git
cd dosr
makepkg -siyou can also use yay AUR manager or any other one you like. Please vote for the AUR if you want it into pacman extra repo! All you need is an Arch AUR account and you could vote for the AUR π
- Rust >= 1.88.0
- You can install Rust by running the following command:
(Do not forget to add the cargo bin directory to your PATH with
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
. "$HOME/.cargo/env"command)
- You can install Rust by running the following command:
- git
- You can install git by running the following commands depending on your distribution:
Ubuntu :
sudo apt-get install git, RedHat :sudo yum install git, ArchLinux :sudo pacman -S git
- You can install git by running the following commands depending on your distribution:
Ubuntu :
- clang (or gcc, but clang is highly recommended)
- You can install clang by running the following commands depending on your distribution:
Ubuntu :
sudo apt-get install clang, RedHat :sudo yum install clang, ArchLinux :sudo pacman -S clang
- You can install clang by running the following commands depending on your distribution:
Ubuntu :
Warning
This installation process configures RaR with all privileges for the user who install the program. See what it does.
git clone https://github.com/LeChatP/RootAsRolecd RootAsRolecargo xtask install -bip sudo
Execute privileged commands with a role-based access control system Usage: dosr [OPTIONS] [COMMAND]... Arguments: [COMMAND]... Command to execute Options: -r, --role <ROLE> Role to select -t, --task <TASK> Task to select (--role required) -u, --user <USER> User to execute the command as -g, --group <GROUP<,GROUP...>> Group(s) to execute the command as -E, --preserve-env Keep environment variables from the current process -p, --prompt <PROMPT> Prompt to display -K Remove timestamp file -i, --info Print the execution context of a command if allowed by a matching task -h, --help Print help (see more with '--help') -V, --version Print version
If you're accustomed to utilizing the sudo tool and find it difficult to break that habit, consider creating an alias :
alias sudo="dosr"
alias sr="dosr"RootAsRole 3.1.0 introduced CBOR support, significantly boosting performance:
- β‘ 77% faster than
sudowhen using a single rule - π Scales 40% better than
sudoas more rules are added
π sudo-rs matches sudo performance but crashes with >100 rules (wonβt fix for now)
When using Ansible (or any automation tool), every task that uses become: true will invoke dosr on the target host.
With RootAsRole (RaR), each role and task introduces additional access control logic --- this doesnβt slow you down.
π‘ You can reach the performance of 1 sudo rule with ~4000 RaR rules.
That means:
- You can define thousands of fine-grained rules
- You enforce better security (POLP) without degrading performance
- The system stays fast, even at scale
Use the chsr command to:
- Define roles and tasks
- Assign them to users or groups
More information in the documentation
Use the capable command to:
- Analyze specific command rights
- Generate "credentials" task structure
Use gensr for Ansible to:
- Auto-generate security policies for your playbooks
- Detect supply chain attacks by reviewing the generated policy
- Linux kernel >= 4.3
- PhD Thesis (2025): Orchestrating and enforcing the principle of least administrative privileges in Linux systems β E. Billoir
- Conference (2025): No Root, No Problem: Automating Linux Least Privilege and Securing Ansible Deployments β ESORICS 2025
- Conference (2024): Enhancing Secure Deployment with Ansible: A Focus on Least Privilege and Automation for Linux β ARES 2024
- Journal Article (2024): Implementing the Principle of Least Administrative Privilege on Operating Systems: Challenges and Perspectives β Annals of Telecommunications
- Conference (2023): Implementing the Principle of Least Privilege Using Linux Capabilities: Challenges and Perspectives β CSNet 2023
- Journal Article (2022): RootAsRole: a security module to manage the administrative privileges for Linux β Computers & Security
- Conference (2021): RootAsRole: Towards a Secure Alternative to sudo/su Commands for Home Users and SME Administrators β SACMAT 2021
These publications starts from the initial proof of concept to the current production-ready version, covering design, implementation, security analysis, and real-world deployment.
The project's mascot and logos were created entirely by hand by Eva La Fougère!
The mascot and its variants are licensed under CC BY-ND 4.0 and the copyright belongs to Eva La Fougère.
The mascot serves as the visual identity of the official RootAsRole project. It must not be used by third-party projects, derivative works, or forks as their primary visual identity in a manner that could create confusion with the official project or suggest endorsement by the RootAsRole project.
This project includes sudo-rs code licensed under the Apache-2 and MIT licenses: We have included cutils.rs, securemem.rs to make work the rpassword.rs file. Indeed, We thought that the password was well managed in this file and we have reused it. As sudo-rs does, rpassword.rs is from the rpassword project (License: Apache-2.0). We use it as a replacement of the rpassword project usage.
This project was initiated by IRIT and sponsored by both IRIT and Airbus PROTECT through an industrial PhD during 2022 and 2025.
