FreeBSD

Donate to FreeBSD

Home

About

Get FreeBSD
- Release Information
- Release Engineering

Documentation

Community

Developers

Support

Foundation
- Monetary Donations
- Hardware Donations

Playing with mdo(1)

Thread starter elephant
Start date Jan 31, 2026

elephant

Jan 31, 2026

#1

A bit overkill, but this works as a sudo-ish replacement.

Assuming (as root):

sh:

root@host: $ id
uid=0(root) gid=0(wheel) groups=0(wheel),5(operator)

... then set this rule where xxxx is your ordinary user's ID.

sh:

root@host: $ sysctl security.mac.do.rules='id=xxxx>id=0,gid=0,+gid=0,gid=5,+gid=5'

Then as the ordinary user ...

sh:

ordinary@host: $ mdo -u root whoami
root

Apparently, 'root' is the default so you can omit the '-u' clause for a shorter syntax.

sh:

ordinary@host: $ mdo whoami
root

OP

elephant

Jan 31, 2026

Thread Starter
#2

I have mixed feelings on this. It's smaller, simpler. But ... there's no logging to /var/log/auth.log.

V

vyryls

Feb 1, 2026

#3

I wish security/doas was in base.

The config is as easy as

Code:

permit :wheel

or similar.

You must log in or register to reply here.

Share:

Bluesky LinkedIn Reddit Pinterest Tumblr WhatsApp Email Link

This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.

Accept Learn more…

Top