Top Qs
Timeline
Chat
Perspective
Doas
Computer software From Wikipedia, the free encyclopedia
Remove ads
doas (“dedicated openbsd application subexecutor”)[3] is a program to execute commands as another user. The system administrator can configure it to give specified users privileges to execute specified commands. It is free and open-source under the ISC license[4] and available in Unix and Unix-like operating systems.
doas was developed by Ted Unangst[5] for OpenBSD as a simpler and safer sudo replacement.[6][7] Unangst himself had issues with the default sudo config, which was his motivation to develop doas.[3] doas was released with OpenBSD 5.8 in October 2015 replacing sudo.[1] However, OpenBSD still provides sudo as a package.[1]
Remove ads
Configuration
Definition of privileges should be written in the configuration file, /etc/doas.conf.[8] The syntax used in the configuration file is inspired by the packet filter configuration file.[3]
Examples
Allow user1 to execute procmap as root without password:[citation needed]
permit nopass user1 as root cmd /usr/sbin/procmap
Allow members of the wheel group to run any command as root:
permit :wheel as root
Simpler version (only works if default user is root, which it is after install):
permit :wheel
To allow members of wheel group to run any command (default as root) and remember that they entered the password:
permit persist :wheel
Remove ads
Ports and availability
Jesse Smith’s[9] port of doas is packaged for DragonFlyBSD,[10] FreeBSD,[11] and NetBSD.[12] According to the author, it also works on illumos and macOS.[13]
OpenDoas, a Linux port, is packaged for Debian, Alpine, Arch, CRUX, Fedora, Gentoo, GNU Guix, Hyperbola, Manjaro, Parabola, NixOS, Ubuntu, and Void Linux.[14] Starting with Alpine Linux v3.16 release, OpenDoas became the suggested replacement for sudo, which got its security maintenance time reduced within the distribution.[15]
Remove ads
See also
References
Wikiwand - on
Seamless Wikipedia browsing. On steroids.
Remove ads