Doas
Topic: Software
From HandWiki - Reading time: 3 min
| Original author(s) | Ted Unangst |
|---|---|
| Developer(s) | OpenBSD Project[1] |
| Initial release | 18 October 2015[1] |
| Stable release | [2]
/ Error: first parameter is missing. |
| Written in | C |
| Type | Security software |
| License | ISC license |
| Website | https://man.openbsd.org/doas |
doas (“dedicated openbsd application subexecutor”)[3] is a program to execute commands as another user. The system administrator can configure it to give specified users privileges to execute specified commands. It is free and open-source under the ISC license[4] and available in Unix and Unix-like operating systems.
doas was developed by Ted Unangst for OpenBSD as a simpler and safer sudo replacement.[5][6] Unangst himself had issues with the default sudo config, which was his motivation to develop doas.[3]
doas was originally developed by Ted Unangst[7] and was released with OpenBSD 5.8 in October 2015 replacing sudo.[1] However, OpenBSD still provides sudo as a package.[1]
Configuration
Definition of privileges should be written in the configuration file, /etc/doas.conf.[8] The syntax used in the configuration file is inspired by the packet filter configuration file.[3]
Examples
Allow user1 to execute procmap as root without password:[citation needed]
permit nopass user1 as root cmd /usr/sbin/procmap
Allow members of the wheel group to run any command as root:
permit :wheel as root
Simpler version (only works if default user is root, which it is after install):
permit :wheel
To allow members of wheel group to run any command (default as root) and remember that they entered the password:
permit persist :wheel
Ports and availability
Jesse Smith’s[9] port of doas is packaged for DragonFlyBSD,[10] FreeBSD,[11] and NetBSD.[12] According to the author, it also works on illumos and macOS.[13] OpenDoas, a Linux port, is packaged for Debian, Alpine, Arch, CRUX, Fedora, Gentoo, GNU Guix, Hyperbola, Manjaro, Parabola, NixOS, Ubuntu, and Void Linux.[14] Starting with Alpine Linux v3.16 release, OpenDoas became the suggested replacement for sudo, which got its security maintenance time reduced within the distribution.[15]
See also
References
- ↑ 1.0 1.1 1.2 1.3 "OpenBSD 5.8". http://www.openbsd.org/58.html.
- ↑ "src/usr.bin/doas/doas.c - view - 1.98". 2022-12-22. https://cvsweb.openbsd.org/src/usr.bin/doas/doas.c?rev=1.98. Retrieved 2023-07-22.
- ↑ 3.0 3.1 3.2 "doas - dedicated openbsd application subexecutor". https://flak.tedunangst.com/post/doas.
- ↑ "Archived copy". https://cvsweb.openbsd.org/src/usr.bin/doas/doas.c?rev=1.82.
- ↑ Yegulalp, Serdar (2016-07-25). "OpenBSD 6.0 tightens security by losing Linux compatibility" (in en). https://www.infoworld.com/article/3099038/openbsd-60-tightens-security-by-losing-linux-compatibility.html.
- ↑ Millman, Rene (18 October 2019). "Linux Sudo bug could allow hackers root access". SC Media UK. https://www.scmagazineuk.com/article/1663022.
- ↑ – OpenBSD General Commands Manual
- ↑ "Privileges | OpenBSD Handbook". https://www.openbsdhandbook.com/system_management/privileges/.
- ↑ "Slicer69 (Jesse Smith) · GitHub". https://github.com/slicer69.
- ↑ "DPorts/Security/Doas at master · DragonFlyBSD/DPorts · GitHub". https://github.com/DragonFlyBSD/DPorts/tree/master/security/doas.
- ↑ "[ports] Log of /Head/Security/Doas/PKG-descr". https://svnweb.freebsd.org/ports/head/security/doas/pkg-descr.
- ↑ "The NetBSD Packages Collection: security/doas". http://ftp.netbsd.org/pub/pkgsrc/current/pkgsrc/security/doas/README.html.
- ↑ Smith, Jesse. "doas". https://github.com/slicer69/doas.
- ↑ "opendoas". https://repology.org/project/opendoas/information.
- ↑ "Alpine 3.16.0 released". https://alpinelinux.org/posts/Alpine-3.16.0-released.html.
 |  |
EncycloReader
is supported by the 
KSF