Difference between revisions of "Doas"

From Void Linux Wiki
Jump to: navigation, search
(Created page with "Doas is OpenBSD's utility executes the given command as another user. == Installation == Doas is available in Void Linux repositories. # xbps-install -S opendoas == C...")
 
(No difference)

Latest revision as of 10:11, 13 February 2020

Doas is OpenBSD's utility executes the given command as another user.


Installation

Doas is available in Void Linux repositories.

  # xbps-install -S opendoas


Configuration

Edit /etc/doas.conf to change OpenDoas settings.

Config syntax: permit|deny [options] identity [as target] [cmd command [args ...]]

permit|deny - action if following rule matches

options - Options are:

  • nopass - don't ask password
  • persist - don't ask password again for some time after successful authentication
  • keepenv - keep user's environment variables
  • setenv { [variable ...] [variable=sth ...] } - keep or set environment variables

identity - username, group (may be specified by prepending a ‘:’) or numeric ID to match.

as target - command will run as this target user. The default is all users.

cmd command [args ...] - The command the user is allowed or denied to run ant it's arguments.

Example 1:

  permit keepenv :wheel

This will allow users from wheel group to run commands via doas. Example 2:

  permit nopass foo as root cmd ls

This will allow the user foo to run ls command as the user root without entering a password.

Sudo removal

If you want to change sudo to doas, add ignorepkg= sudo to /etc/xbps.d/ignore-90.conf and run

  # xbps-remove sudo

Useful links

OpenBSD man pages: doas, doas.conf