doas tips - sudo alternative

NapoleonWils0n

Some tips on using doas, the sudo alternative ported from OpenBSD

Install doas

Code:
# pkg install doas

Create the doas config file

Bash:
# vi /usr/local/etc/doas.conf

The username and groups follow the chown syntax,
the username or group is preceded by the : colon character

e.g.

:username
:groupname

Replace username with your username in the following example

In the first example we allow our user to run commands as root but require a password
In the second example we use the nopass option to allow username2 to execute commands as root without prompting for a password

We allow username to execute some commands as root but without entering a password,
for example to mount drives, start the musicpd service and run the pkg update command

To run a service as root without a password we specify the service after cmd and then args followed by the arguments,
in this example to start the musicpd service

Bash:
# allow user but require password
permit keepenv :username

# allow user and don't require a password to execute commands as root
permit nopass keepenv :username2

# mount drives
permit nopass :username cmd mount
permit nopass :username cmd umount

# musicpd service start and stop
permit nopass :username cmd service args musicpd onestart
permit nopass :username cmd service args musicpd onestop

# pkg update
permit nopass :username cmd pkg args update

# run personal scripts as root without prompting for a password,
# requires entering the full path when running with doas
permit nopass :username cmd /home/username/bin/somescript

# root as root
permit nopass keepenv root as root

You can also run your own personal scripts as root without a password,
but you have to enter the full path to the script in the doas.conf file and when the script is run in the terminal

For example, to run the somescript script as shown in the doas.conf file we have to specify the full path to the script in the terminal

Bash:
doas /home/username/bin/somescript

This is because doas only searches in the system path and not your user's path
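
An added example, not part of the original post or of doas itself: a small Python check that reads rules like the ones above and flags those that grant more than they appear to, such as a nopass rule for a script the calling user can edit. The function names and the USER_WRITABLE prefixes are assumptions made for this sketch, the sample is constructed from the post's rules, and setenv blocks are not parsed.

```python
OPTIONS = {"nopass", "nolog", "persist", "keepenv"}
# Assumption: locations an unprivileged user can normally write to.
USER_WRITABLE = ("/home/", "/usr/home/", "/tmp/", "/var/tmp/")

# Constructed sample input: rules taken from the post above.
SAMPLE_CONF = """\
permit keepenv :username
permit nopass keepenv :username2
permit nopass :username cmd mount
permit nopass :username cmd service args musicpd onestart
permit nopass :username cmd /home/username/bin/somescript
permit nopass keepenv root as root
"""


def parse_rule(line):
    """Return a dict for one permit/deny rule, or None for blanks and comments."""
    tok = line.split("#", 1)[0].split()
    if not tok or tok[0] not in ("permit", "deny"):
        return None
    i = 1
    while i < len(tok) and tok[i] in OPTIONS:
        i += 1
    rest = tok[i + 1:]  # everything after the identity: [as target] [cmd ...]
    cmd = rest[rest.index("cmd") + 1] if "cmd" in rest[:-1] else None
    return {"action": tok[0], "options": set(tok[1:i]), "cmd": cmd,
            "identity": tok[i] if i < len(tok) else None, "has_args": "args" in rest}


def audit(conf_text):
    """Return (line_number, message) pairs for permit rules worth a second look."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        r = parse_rule(line)
        if r is None or r["action"] != "permit" or r["identity"] == "root":
            continue
        nopass, cmd = "nopass" in r["options"], r["cmd"]
        if nopass and cmd is None:
            findings.append((n, "nopass with no cmd: any command runs as root without a password"))
        if "keepenv" in r["options"]:
            findings.append((n, "keepenv: the caller's environment is passed to the root process"))
        if cmd and not r["has_args"]:
            findings.append((n, f"cmd {cmd} without args: any arguments are accepted"))
        if nopass and cmd and cmd.startswith(USER_WRITABLE):
            findings.append((n, f"{cmd} is in a user-writable location: whoever can edit it gets passwordless root"))
    return findings


if __name__ == "__main__":
    print(*(f"line {n}: {msg}" for n, msg in audit(SAMPLE_CONF)), sep="\n")
```

For a flagged script rule, the usual remedy is to install the script root-owned outside the home directory (for example under /usr/local/bin) and point the cmd rule at that path.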