Date: Sat, 6 Mar 2021 12:05:09 GMT From: Gordon Bergling <gbe@FreeBSD.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Subject: git: 180b5eb083 - main - Handbook: Add a small chapter about doas as an alternative to sudo Message-ID: <202103061205.126C59xd013572@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by gbe: URL: https://cgit.FreeBSD.org/doc/commit/?id=180b5eb083c859f2c462d249604327605ab3f922 commit 180b5eb083c859f2c462d249604327605ab3f922 Author: Gordon Bergling <gbe@FreeBSD.org> AuthorDate: 2021-03-06 12:02:42 +0000 Commit: Gordon Bergling <gbe@FreeBSD.org> CommitDate: 2021-03-06 12:02:42 +0000 Handbook: Add a small chapter about doas as an alternative to sudo doas is a viable alternative to sudo, so it is worth to be mentioned in our handbook. Reviewed by: 0mp (early version) Differential Revision: https://reviews.freebsd.org/D28483 --- .../content/en/books/handbook/security/_index.adoc | 23 ++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc index d07f9f0413..1cb02b6f8d 100644 --- a/documentation/content/en/books/handbook/security/_index.adoc +++ b/documentation/content/en/books/handbook/security/_index.adoc @@ -2125,3 +2125,26 @@ While sessions are logged, any administrator is able to remove sessions and leav ==== The `sudoreplay` is extremely extendable. Consult the documentation for more information. + +[[security-doas]] +As an alternative to package:security/sudo[] package:security/doas[] can be used to provide the ability for users to get enhanced privileges. + +The doas utility is available via the ports collection in package:security/doas[] or via the man:pkg[8] utility. + +After the installation [.filename]#/usr/local/etc/doas.conf# must be configured to grant access for users for specific commands, or roles. + +The simpliest entry could be the following, which grants local_user root permissions without asking for its password when executing the doas command. + +[source,bash] +.... +permit nopass local_user as root +.... + +For more configuration examples, please read man:doas.conf[5]. + +After the installation and configuration of the `doas` utility, a command can now be executed with enhanced privileges, like for example. + +[source,bash] +.... +$ doas vi /etc/rc.conf +....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202103061205.126C59xd013572>