doas

OpenDoas is a portable version of OpenBSD's doas command, known for being substantially smaller in size compared to sudo. Like sudo, doas is used to assume the identity of another user on the system.

Related articles

Installation

Install the opendoas package.

Usage

To begin using doas as a non-privileged user, it must be properly configured. See #Configuration.

To use doas, simply prefix a command and its arguments with doas and a space:

$ doas cmd

For example, to use pacman:

$ doas pacman -Syu

To get to an interactive shell with root prompt:

$ doas -s

For more information, see doas(1).

Configuration

Install OpenDoas will be attached with PAM, but no default configuration or examples are included.

To allow members of group wheel to run commands as other users, create a configuration file with the following content:

Note: The configuration file must end with a newline.

The owner and group for should both be , file permissions should be set to :

# chown -c root:root /etc/doas.conf
# chmod -c 0400 /etc/doas.conf

To check for syntax errors, run:

# doas -C /etc/doas.conf && echo "config ok" || echo "config error"

To allow members of the plugdev group to run smartctl without password as Root user:

The general syntax form of is:

permit|deny [options] identity [as target] [cmd command [args ...]]

For more details please read .

Tips and tricks

doas persist feature

doas provides a persist feature: after the user successfully authenticates, do not ask for a password again for some time. It is disabled by default, enable it with the option:

Smooth transition sudo to doas

For a smooth transition from sudo to doas and to stay downward compatible, you could add to your environment:

alias sudo='doas'
alias sudoedit='doas rnano'

Or alternatively, symlink doas to where sudo would normally be (but it does not provide command):

# ln -s $(which doas) /usr/bin/sudo

opendoas-sudoAUR provides this symlink as well.

Bash tab completion

By default Bash will only tab complete files and directories within the current or referenced directory. To tell Bash to complete arguments as if they were separate commands (also leveraging the tab completion settings of other commands) the following can be added to either the users , or the global /etc/bash.bashrc:

gollark: (or, well, some programs on it)
gollark: How do I know my computer's not got awareness?
gollark: How can you *measure* that?
gollark: It's not like there seems to be any "conservation of intelligence" law; how would that even work?
gollark: It seems to have been.
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.