Doas

doas
Original author(s)	Ted Unangst
Developer(s)	OpenBSD Project
Initial release	18 October 2015; 9 years ago
Stable release	1.99 / 15 February 2024; 11 months ago
Repository	cvsweb.openbsd.org/src/usr.bin/doas/ ;
Written in	C
Type	Security software
License	ISC license
Website	https://man.openbsd.org/doas

doas (“dedicated openbsd application subexecutor”)^[3] is a program to execute commands as another user. The system administrator can configure it to give specified users privileges to execute specified commands. It is free and open-source under the ISC license^[4] and available in Unix and Unix-like operating systems.

doas was developed by Ted Unangst^[5] for OpenBSD as a simpler and safer sudo replacement.^[6]^[7] Unangst himself had issues with the default sudo config, which was his motivation to develop doas.^[3] doas was released with OpenBSD 5.8 in October 2015 replacing sudo.^[1] However, OpenBSD still provides sudo as a package.^[1]

Configuration

Definition of privileges should be written in the configuration file, /etc/doas.conf.^[8] The syntax used in the configuration file is inspired by the packet filter configuration file.^[3]

Examples

Allow user1 to execute procmap as root without password:^{[citation needed]}

permit nopass user1 as root cmd /usr/sbin/procmap

Allow members of the wheel group to run any command as root:

permit :wheel as root

Simpler version (only works if default user is root, which it is after install):

permit :wheel

To allow members of wheel group to run any command (default as root) and remember that they entered the password:

permit persist :wheel

Ports and availability

Jesse Smith’s^[9] port of doas is packaged for DragonFlyBSD,^[10] FreeBSD,^[11] and NetBSD.^[12] According to the author, it also works on illumos and macOS.^[13]

OpenDoas, a Linux port, is packaged for Debian, Alpine, Arch, CRUX, Fedora, Gentoo, GNU Guix, Hyperbola, Manjaro, Parabola, NixOS, Ubuntu, and Void Linux.^[14] Starting with Alpine Linux v3.16 release, OpenDoas became the suggested replacement for sudo, which got its security maintenance time reduced within the distribution.^[15]

References

^ ^a ^b ^c ^d "OpenBSD 5.8". www.openbsd.org. Archived from the original on 2021-05-17. Retrieved 2020-05-06.
^ "src/usr.bin/doas/doas.c - view - 1.98". 2022-12-22. Retrieved 2023-07-22.
^ ^a ^b ^c "doas - dedicated openbsd application subexecutor". flak.tedunangst.com. Retrieved 2022-01-01.
^ "Archived copy". Archived from the original on 2021-03-03. Retrieved 2021-09-29.{{cite web}}: CS1 maint: archived copy as title (link)
^ doas(1) – OpenBSD General Commands Manual
^ Yegulalp, Serdar (2016-07-25). "OpenBSD 6.0 tightens security by losing Linux compatibility". InfoWorld. Archived from the original on 2021-07-25. Retrieved 2020-05-06.
^ Millman, Rene (18 October 2019). "Linux Sudo bug could allow hackers root access". SC Media UK. Archived from the original on 2021-09-29. Retrieved 2020-05-06.
^ "Privileges | OpenBSD Handbook". www.openbsdhandbook.com. Archived from the original on 2021-03-03. Retrieved 2020-05-06.
^ "Slicer69 (Jesse Smith) · GitHub". GitHub. Archived from the original on 2021-08-31. Retrieved 2020-05-06.
^ "DPorts/Security/Doas at master · DragonFlyBSD/DPorts · GitHub". GitHub. Archived from the original on 2021-03-03. Retrieved 2020-08-24.
^ "[ports] Log of /Head/Security/Doas/PKG-descr". Archived from the original on 2021-09-29. Retrieved 2020-08-24.
^ "The NetBSD Packages Collection: security/doas". ftp.netbsd.org. Archived from the original on 2021-09-29. Retrieved 2020-05-06.
^ Smith, Jesse. "doas". GitHub. Archived from the original on 2021-04-27. Retrieved 2020-08-24.
^ "opendoas". repology.org. Archived from the original on 2021-03-03. Retrieved 2020-08-24.
^ "Alpine 3.16.0 released". alpinelinux.org. Retrieved 2023-06-10.

[auto1-1] "OpenBSD 5.8". www.openbsd.org. Archived from the original on 2021-05-17. Retrieved 2020-05-06.

[2] "src/usr.bin/doas/doas.c - view - 1.98". 2022-12-22. Retrieved 2023-07-22.

[:0-3] "doas - dedicated openbsd application subexecutor". flak.tedunangst.com. Retrieved 2022-01-01.

[4] "Archived copy". Archived from the original on 2021-03-03. Retrieved 2021-09-29.{{cite web}}: CS1 maint: archived copy as title (link)

[5] doas(1) – OpenBSD General Commands Manual

[6] Yegulalp, Serdar (2016-07-25). "OpenBSD 6.0 tightens security by losing Linux compatibility". InfoWorld. Archived from the original on 2021-07-25. Retrieved 2020-05-06.

[7] Millman, Rene (18 October 2019). "Linux Sudo bug could allow hackers root access". SC Media UK. Archived from the original on 2021-09-29. Retrieved 2020-05-06.

[auto6-8] "Privileges | OpenBSD Handbook". www.openbsdhandbook.com. Archived from the original on 2021-03-03. Retrieved 2020-05-06.

[9] "Slicer69 (Jesse Smith) · GitHub". GitHub. Archived from the original on 2021-08-31. Retrieved 2020-05-06.

[10] "DPorts/Security/Doas at master · DragonFlyBSD/DPorts · GitHub". GitHub. Archived from the original on 2021-03-03. Retrieved 2020-08-24.

[11] "[ports] Log of /Head/Security/Doas/PKG-descr". Archived from the original on 2021-09-29. Retrieved 2020-08-24.

[12] "The NetBSD Packages Collection: security/doas". ftp.netbsd.org. Archived from the original on 2021-09-29. Retrieved 2020-05-06.

[13] Smith, Jesse. "doas". GitHub. Archived from the original on 2021-04-27. Retrieved 2020-08-24.

[14] "opendoas". repology.org. Archived from the original on 2021-03-03. Retrieved 2020-08-24.

[15] "Alpine 3.16.0 released". alpinelinux.org. Retrieved 2023-06-10.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

Doas

Configuration

Examples

Ports and availability

See also

References

Portal di Ensiklopedia Dunia