FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=main 2024-05-22T12:01:41Z 2024-05-22T12:01:41Z Baptiste Daroussin bapt@FreeBSD.org 2024-05-09T22:03:28Z urn:sha1:8aac90f18aef7c9eea906c3ff9a001ca7b94f375 This policy enables a user to become another user without having to be root (hence no setuid binary). it is configured via rules using sysctl security.mac.do.rules For example: security.mac.do.rules=uid=1001:80,gid=0:any The above rule means the user identifier by the uid 1001 is able to become user 80 Any user of the group 0 are allowed to become any user on the system. The mdo(1) utility expects the MAC/do policy to be installed and its rules defined. Reviewed by: des Differential Revision: https://reviews.freebsd.org/D45145