You are not logged in.
Pages: 1
OpenBSD has replaced sudo from its default install with doas. This utility is available in Devuan's package repositories. Once installed you create an /etc/doas.conf file with the needed commands you wish to run as root. An example is given below:-
permit nopass username as root cmd /sbin/shutdown
To run the command just type, doas /sbin/shutdown -r now.
Further examples can be found at the bottom of the doas.conf man page.
So, to install doas do the following: aptitude purge sudo ; aptitude install doas (use your preferred package manager)
There may be a caveat in using doas, some heavyweight desktop environments may have a dependency on sudo, so check this out before you try doas. I think you will find doas has a cleaner syntax than sudo and I have found it to be more flexible for my needs.
Offline
It was introduced because a lot of admins had problems configuring sudo properly, & it has a lot less options, which makes it easier.
They introduced doas just after I finally got around to buying Sudo Mastery, just my luck.
Offline
The creator of doas explains their reasons here:
Brianna Ghey — Rest In Power
Offline
So, to install doas do the following: aptitude purge sudo ; aptitude install doas (use your preferred package manager)
Or better:
aptitude install doas
Check doas works and does everything you need!
aptitude purge sudo
Now check if everything still works. Eg does the menu option to shut down the system need sudo?
I've spend too many years installing software to risk cutting myself off.
Offline
The creator of doas explains their reasons here:
I've been listening to some of Ted Unangst's talks. He's very thorough about his approach to improving code.
Anyway, I've been playing around with doas and actively considering installing OpenBSD on the side. I like the more minimalist, no-hands-held environment.
Last edited by brocashelm (2022-09-03 18:42:26)
Offline
As far as regular desktop users, & small networks go, doas would be a better option for most distros.
Offline
Hm, how would the following look in doas style?
(Capt. Obviuos does not want to compile as root)
$ ./configure
$ make
$ sudo make install
Offline
^
./configure
make
doas make install
Or add this to your shell initialisation file (eg, ~/.bashrc):
alias sudo='/usr/bin/doas'
Then just carry on using sudo as you always have done.
Brianna Ghey — Rest In Power
Offline
I still need password with doas inspite of:
permit username as root
permit nopass username as root
in /etc/doas.conf
Strange
Offline
It's not meant to allow all encompassing usage, that's what su is for.
Offline
I still need password with doas inspite of
Sorry to ask but you did replace username with the actual username, right?
That syntax works for me with the Debian doas package provided the actual username is supplied.
Brianna Ghey — Rest In Power
Offline
Devarch wrote:I still need password with doas inspite of
Sorry to ask but you did replace username with the actual username, right?
That syntax works for me with the Debian doas package provided the actual username is supplied.
yes.
I've discovered that if this line is present
permit persist keepenv setenv { XAUTHORITY=/home/username/.Xauthority DISPLAY=:0.0 LANG LC_ALL } :username
than this problem is present.
Surprisingly, if this line is removed I do not need to tap password.
But without this line I can not use geany or other staff as root.
Offline
If you want to run a graphical text editor as root then either use one that takes advantage of the GVFS admin:// backend:
gedit admin:///full/path/to/file
Or stick with sudo:
SUDO_EDITOR=geany sudoedit /path/to/file
Set $SUDO_EDITOR in /etc/environment to make it permanent then just use plain sudoedit.
Running the entire GUI editor as root is simply ridiculous. Don't do it.
Brianna Ghey — Rest In Power
Offline
Head_on_a_Stick, hhank you for this hint.
What is wrong with using XAUTHORITY? Almost every linux distribution lets run editor as root? I use it to edit system files. Is there some security problem?
Last edited by Devarch (2022-10-05 19:18:23)
Offline
See https://en.wikipedia.org/wiki/Principle … _privilege — what's the point of running the graphical interface as root if you only need to use elevated priviledges to save the modified file? That's what sudoedit & admin:// do.
Almost every linux distribution lets run editor as root?
Almost every Linux distribution expressly advises against running editor GUIs as root. That's why sudoedit & admin:// exist. The latter is the default for GNOME and can also be used in the file manager so that can be operated without having to run the GUI itself as root.
EDIT: just for the record this works fine in my sway (Wayland) desktop:
doas mousepad /etc/fstab
I didn't think that was supposed to be possible
Last edited by Head_on_a_Stick (2022-10-05 19:37:10)
Brianna Ghey — Rest In Power
Offline
Surprisingly, if this line is removed I do not need to tap password.
It is because:
The last matching rule determines the action taken. If no rule matches, the ac-
tion is denied.
https://man.openbsd.org/doas.conf#DESCRIPTION
What is wrong with using XAUTHORITY?
Nothing, but you should have only one line matching the same username.
permit nopass keepenv setenv { XAUTHORITY=/home/username/.Xauthority DISPLAY=:0.0 LANG LC_ALL } username as root
Offline
There is also sudo -i to just pretty much login as root.
to make it request password everytime you might need to set alias in .bashrc when sudo is invoked.
Although I am unsure how to block sudo -i using an alias.
Offline
This is apparently a replacement option
Offline
sup? Compile-time configuration smells too much like those suck**ss tools. Definitely not my taste.
For a while now doas has got persist added on Linux too, so I see no reason any more not to use it.
Offline
Pages: 1