doas

From Wikipedia, the free encyclopedia
doas
Original author(s)Ted Unangst
Developer(s)OpenBSD Projects[1]
Initial release18 October 2015; 6 years ago (2015-10-18)[1]
Repository
Written inC
TypeSecurity software
LicenseISC license
Websitehttps://man.openbsd.org/doas

doas (“dedicated openbsd application subexecutor”)[2] is a program to execute commands as another user. The system administrator can configure it to give specified users privileges to execute specified commands. It is free and open-source under the ISC license[3] and available in Unix and Unix-like operating systems.

doas was developed by Ted Unangst for OpenBSD as a simpler and safer sudo replacement.[4][5] Unangst himself had issues with the default sudo config, which was his motivation to develop doas.[2]

doas was originally developed by Ted Unangst[6] and was released with OpenBSD 5.8 in October 2015 replacing sudo.[1] However, OpenBSD still provides sudo as a package.[1]

Configuration[]

Definition of privileges should be written in the configuration file, /etc/doas.conf.[7] The syntax used in the configuration file is inspired by the packet filter configuration file.[2]

Examples[]

Allow user1 to execute procmap as root without password: 

permit nopass user1 as root cmd /usr/sbin/procmap

Allow members of the wheel group to run any command as root: 

permit :wheel as root

Simpler version (only works if default user is root (after install it is)): 

permit :wheel

To allow members of wheel group to run any command (default as root) AND remember that they entered the password: 

permit persist :wheel

Ports and availability[]

Jesse Smith’s[8] port of doas is packaged for DragonFlyBSD,[9] FreeBSD,[10] and NetBSD.[11] According to the author, it also works on illumos and macOS.[12] OpenDoas, a Linux port, is packaged for Debian, Alpine, Arch, CRUX, Fedora, Gentoo, GNU Guix, Hyperbola, Manjaro, Parabola, NixOS, Ubuntu, and Void Linux.[13]

See also[]

References[]

  1. ^ a b c d "OpenBSD 5.8". www.openbsd.org. Archived from the original on 2021-05-17. Retrieved 2020-05-06.
  2. ^ a b c "doas - dedicated openbsd application subexecutor". flak.tedunangst.com. Retrieved 2022-01-01.
  3. ^ "Archived copy". Archived from the original on 2021-03-03. Retrieved 2021-09-29.{{cite web}}: CS1 maint: archived copy as title (link)
  4. ^ Yegulalp, Serdar (2016-07-25). "OpenBSD 6.0 tightens security by losing Linux compatibility". InfoWorld. Archived from the original on 2021-07-25. Retrieved 2020-05-06.
  5. ^ Millman, Rene (18 October 2019). "Linux Sudo bug could allow hackers root access". SC Media UK. SC Media UK. Archived from the original on 2021-09-29. Retrieved 2020-05-06.
  6. ^ doas(1) – OpenBSD General Commands Manual
  7. ^ "Privileges | OpenBSD Handbook". www.openbsdhandbook.com. Archived from the original on 2021-03-03. Retrieved 2020-05-06.
  8. ^ "Archived copy". Archived from the original on 2021-08-31. Retrieved 2020-05-06.{{cite web}}: CS1 maint: archived copy as title (link)
  9. ^ "Archived copy". Archived from the original on 2021-03-03. Retrieved 2020-08-24.{{cite web}}: CS1 maint: archived copy as title (link)
  10. ^ "Archived copy". Archived from the original on 2021-09-29. Retrieved 2020-08-24.{{cite web}}: CS1 maint: archived copy as title (link)
  11. ^ "The NetBSD Packages Collection: security/doas". ftp.netbsd.org. Archived from the original on 2021-09-29. Retrieved 2020-05-06.
  12. ^ Smith, Jesse. "doas". GitHub. Archived from the original on 2021-04-27. Retrieved 2020-08-24.
  13. ^ "opendoas". repology.org. Archived from the original on 2021-03-03. Retrieved 2020-08-24.
Retrieved from ""