first book commit

book/.gitignore

@@ -0,0 +1 @@
+book

book/book.toml

@@ -0,0 +1,16 @@
+[book]
+authors = ["LeChatP"]
+language = "en"
+multilingual = false
+src = "src"
+title = "RootAsRole Guide Book"
+description = "A Book for understanding RootAsRole concepts and how to use it"
+
+[output.html]
+git-repository-url = "https://github.com/LeChatP/RootAsRole/tree/master/book"
+edit-url-template = "https://github.com/LeChatP/RootAsRole/edit/master/book/{path}"
+
+
+[preprocessor.graphviz]
+command = "mdbook-graphviz"
+output-to-file = false

book/src/README.md

@@ -0,0 +1,17 @@
+# Introduction
+
+**RootAsRole** is a prject to allow Linux/Unix administrators to delegate their administrative tasks access rights to users. This tool allows you to configure your privilege access management more securely on a single operating system.
+
+Unlike sudo, this project sets the principle least privilege on its core features. Like sudo, this project wants to be usable. More than sudo, we care about configurators, and we try to warn configurators about dangerous manipulations.
+
+By using a role-based access control model, this project allows us to better manage administrative tasks. With this project, you could distribute privileges and prevent them from escalating directly. Unlike sudo does, we don't want to give entire privileges for any insignificant administrative task, so you could configure it easily with `chsr` command. To find out which capability is needed for a administrative command, we provide the `capable` command. With these two tools, administrators could respect the least privilege principle on their system.
+
+What we offer that sudo don't : 
+* [Linux Capabilities](https://man7.org/linux/man-pages/man7/capabilities.7.html) managed and simplified
+* [A structured access control model based on Roles](https://dl.acm.org/doi/10.1145/501978.501980)
+* Command matching based on commonly-used open-source libraries 
+  * [glob](https://docs.rs/glob/latest/glob/) for binary path
+  * [PCRE2](https://www.pcre.org/) for command arguments
+* Separation of duties.
+* Configuration file formatted in XML and with DTD Schema Validation.
+

book/src/SUMMARY.md

@@ -0,0 +1,39 @@
+# Summary
+
+[Introduction](README.md)
+
+# User Guide
+
+- [Installation](guide/installation.md)
+- [Use RootAsRole](guide/use.md)
+- [Configure RootAsRole](guide/configure.md)
+
+# Knowledge Guide
+
+- [Why you need to use Linux Capabilities](knowledge/linux_capabilities.md)
+- [Why you need to use Role-Based Access Model](knowledge/rbac.md)
+- [Static/Dynamic Separation of Duties notion](knowledge/sod.md)
+- [How does work role hierarchy feature](knowledge/role_hierarchy.md)
+- [RootAsRole Command matching](knowledge/command_match.md)
+- [What is eBPF ?](knowledge/ebpf.md)
+
+# Reference Guide
+
+- [`sr` Command Line Tool](sr/README.md)
+- [`chsr` Terminal User Interface](chsr/tui.md)
+- [`chsr` Command Line Tool](chsr/README.md)
+    - [newrole](chsr/newrole.md)
+    - [grant](chsr/grant.md)
+    - [revoke](chsr/revoke.md)
+    - [addtask](chsr/addtask.md)
+    - [deltask](chsr/deltask.md)
+    - [delrole](chsr/delrole.md)
+    - [config](chsr/config.md)
+    - [import](chsr/import.md)
+
+- [Continuous Integration](continuous-integration.md)
+- [How to contribute](dev/CONTRIBUTE.md)
+
+-----------
+
+[Contributors](misc/contributors.md)

book/src/chsr/README.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/addtask.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/config.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/delrole.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/deltask.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/grant.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/import.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/newrole.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/revoke.md

@@ -0,0 +1 @@
+# Incoming

book/src/chsr/tui.md

@@ -0,0 +1 @@
+# Incoming

book/src/continuous-integration.md

@@ -0,0 +1 @@
+# Incoming

book/src/dev/CONTRIBUTE.md

@@ -0,0 +1 @@
+# Incoming

book/src/dev/README.md

@@ -0,0 +1 @@
+# For Developers

book/src/dev/backends.md

@@ -0,0 +1 @@
+# Alternative Backends

book/src/dev/preprocessors.md

@@ -0,0 +1 @@
+# Preprocessors

book/src/guide/configure.md

@@ -0,0 +1 @@
+# Incoming

book/src/guide/installation.md

@@ -0,0 +1 @@
+# Incoming

book/src/guide/use.md

@@ -0,0 +1 @@
+# Incoming

book/src/knowledge/command_match.md

@@ -0,0 +1 @@
+# Incoming

book/src/knowledge/ebpf.md

@@ -0,0 +1 @@
+# Incoming

book/src/knowledge/linux_capabilities.md

@@ -0,0 +1 @@
+# Incoming

book/src/knowledge/rbac.md

@@ -0,0 +1 @@
+# Incoming

book/src/knowledge/role_hierarchy.md

@@ -0,0 +1 @@
+# Incoming

book/src/knowledge/sod.md

@@ -0,0 +1 @@
+# Incoming

book/src/misc/contributors.md

@@ -0,0 +1 @@
+# Incoming