Warning: THIS WIKI IS DEPRECATED. It is no longer being maintained, and contains outdated and incorrect information. Please refer to the Void Handbook, https://docs.voidlinux.org/, for the official documentation. If you can't find the information you're seeking, please raise an issue at https://github.com/void-linux/void-docs/issues

Doas -

From Void Linux Wiki
Revision as of 10:11, 13 February 2020 by Vtsoft (talk | contribs) (Created page with "Doas is OpenBSD's utility executes the given command as another user. == Installation == Doas is available in Void Linux repositories. # xbps-install -S opendoas == C...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Doas is OpenBSD's utility executes the given command as another user.


Installation

Doas is available in Void Linux repositories.

  # xbps-install -S opendoas


Configuration

Edit /etc/doas.conf to change OpenDoas settings.

Config syntax: permit|deny [options] identity [as target] [cmd command [args ...]]

permit|deny - action if following rule matches

options - Options are:

  • nopass - don't ask password
  • persist - don't ask password again for some time after successful authentication
  • keepenv - keep user's environment variables
  • setenv { [variable ...] [variable=sth ...] } - keep or set environment variables

identity - username, group (may be specified by prepending a ‘:’) or numeric ID to match.

as target - command will run as this target user. The default is all users.

cmd command [args ...] - The command the user is allowed or denied to run ant it's arguments.

Example 1:

  permit keepenv :wheel

This will allow users from wheel group to run commands via doas. Example 2:

  permit nopass foo as root cmd ls

This will allow the user foo to run ls command as the user root without entering a password.

Sudo removal

If you want to change sudo to doas, add ignorepkg= sudo to /etc/xbps.d/ignore-90.conf and run

  # xbps-remove sudo

Useful links

OpenBSD man pages: doas, doas.conf