doas

doas (“do as”) is a program to execute commands as another user. The system administrator can configure it to give specified users privileges to execute specified commands. It is free and open-source under the ISC license[2] and available in Unix and Unix-like operating systems.

doas
Original author(s)Ted Unangst
Developer(s)OpenBSD Projects[1]
Initial release18 October 2015[1]
Repository
Written inC
TypeSecurity software
LicenseISC license
Websitehttps://man.openbsd.org/doas

doas was developed by Ted Unangst for OpenBSD as a simpler and safer sudo replacement.[3][4]

History

doas was originally developed by Ted Unangst[5] and was released with OpenBSD 5.8 in October 2015 replacing sudo.[1] However, OpenBSD still provides sudo as a package.[1]

Configuration

Definition of privileges should be written in the configuration file, /etc/doas.conf.[6]

Examples

Allow user1 to execute procmap as root without password:

permit nopass user1 as root cmd /usr/sbin/procmap

Allow members of the wheel group to run any command as root:

permit :wheel as root

Ports and availability

Jesse Smith’s[7] port of doas is packaged for DragonFlyBSD,[8] FreeBSD,[9] and NetBSD.[10] According to the author, it also works on illumos and macOS.[11] OpenDoas, a Linux port, is packaged for Alpine, Arch, Gentoo, GNU Guix, Hyperboloa, Manjaro, Parabola, NixOS, and Void Linux.[12]

References
  1. "OpenBSD 5.8". www.openbsd.org. Retrieved 2020-05-06.
  2. https://cvsweb.openbsd.org/src/usr.bin/doas/doas.c?rev=1.82
  3. Yegulalp, Serdar (2016-07-25). "OpenBSD 6.0 tightens security by losing Linux compatibility". InfoWorld. Retrieved 2020-05-06.
  4. Millman, Rene (18 October 2019). "Linux Sudo bug could allow hackers root access". SC Media UK. SC Media UK. Retrieved 2020-05-06.
  5. doas(1)  OpenBSD General Commands Manual
  6. "Privileges | OpenBSD Handbook". www.openbsdhandbook.com. Retrieved 2020-05-06.
  7. https://github.com/slicer69
  8. https://github.com/DragonFlyBSD/DPorts/tree/master/security/doas
  9. https://svnweb.freebsd.org/ports/head/security/doas/pkg-descr
  10. "The NetBSD Packages Collection: security/doas". ftp.netbsd.org. Retrieved 2020-05-06.
  11. Smith, Jesse. "doas". GitHub. Retrieved 2020-08-24.
  12. "opendoas". repology.org.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.