sudo, but object-capability style!
# make
# make install PREFIX=/wherever
By default it will install to /usr.
Run capsudod -s socket-path-here to create a socket and listen on it.
This socket acts as an object capability: anyone who can access the socket
can make use of it.
Run capsudo -s socket-path-here [arguments] to invoke the object capability you created.
The capsudo daemon will accept a connection, stitch everything together and run the program
bound to the object capability.
Allowing anyone in %wheel to run any program you want (classical sudo/doas setup on Alpine):
# mkdir -p /run/cap
# capsudod -s /run/cap/sudo-capability &
# chgrp wheel /run/cap/sudo-capability
# chmod 770 /run/cap/sudo-capability
$ capsudo -s /run/cap/sudo-capability
Allowing someone to reboot the machine:
# capsudod -s /home/user/reboot-capability reboot &
# chown user:user /home/user/reboot-capability && chmod 700 /home/user/reboot-capability
$ capsudo -s /home/user/reboot-capability