OpenBSD's doas on Voidlinux

Published 2020-03-20 on Anjan's Homepage

OpenBSD’s doas is a minimal replacement for sudo. If you run a single user linux box, you can replace sudo with doas in order to have a simpler sudo configuration and usage experience.

First, install doas using xbps-install. 

sudo xbps-install opendoas

Doas rules have the following format: 

permit|deny [options] identity [as target] [cmd command [args ...]]

I like adding the persist option to my rule so that if I enter my password once, doas remembers and doesn’t constantly ask me to authenticate.

Edit /etc/doas.conf and add the following line: 

permit persist <YOURUSERNAME> as root

This allows <YOURUSERNAME> to run any command as root.

Sudoedit replacement with Doas

The rationale for sudoedit is that text editors are complex programs that could cause damage if given unchecked root access. As such, it’s better to use the cp command to copy the file so that a non-root user can edit it, run your editor as a non-root user to edit the file, and on exit run cp to overwrite the original file with the user edited file. To make a sudoedit with doas, you can make a wrapper copy files around.

However, if you use emacs, you can easily create a sudoedit replacement for doas. TRAMP for emacs supports doas. As such, I add the following to my .bashrc: 

doasedit(){
    emacsclient -nw /doas::${1}
}

Running doasedit <filename> now allows you to edit the file like sudoedit!

Uninstalling sudo

On Voidlinux, sudo is part of the base-system group. If we want to remove sudo, we must tell xbps that sudo can be substituted by doas.

To substitute doas for sudo, I edited /etc/xbps.d/99-my-settings.conf and added: 

virtualpkg=sudo:opendoas

See man xbps.d for more details on the virtualpkg keyword.

To remove sudo, we can now run: 

doas xbps-remove sudo

Have a comment on one of my posts? Start a discussion in my public inbox by sending an email to ~anjan/public-inbox@lists.sr.ht [mailing list etiquette]

Articles from blogs I follow around the net

These articles/blogs do not represent my own opinions or views.

Todo.txt-more: Efficiently managing your todo list and your time

Todo.txt More: Efficiently managing your todo list and your time Introduction I tend to get fairly enthusiastic when it comes to lists, even more so when there's a chance to optimise my productivity. The end of the year is a time for looking backward an…

via Proycon's website December 31, 2022

The PineTab2 is a new, faster Linux tablet - and it's not alone

In their December update, Pine64 announced the PineTab2, which is the successor to their PineTab from 2018. As a major change, the PineTab2 upgrades the slow A53-based A64 SoC with an A55-based Rockchip RK3566, the same chip that was used for the Quartz64…

via TuxPhones - Linux phones, tablets and portable devices December 19, 2022

I shall toil at a reduced volume

Over the last nine years I have written 300,000 words for this blog on the topics which are important to me. I am not certain that I have much left to say. I can keep revisiting these topics for years, each time adding a couple more years of wisdom and impro…

via Drew DeVault's blog December 1, 2022

Generated by openring

Subscribe via RSS

Pages

Homepage
Projects
Resume

Services

XMPP
Email

irc nick (OFTC, libera.chat) anjan

sourcehut ~anjan

XMPP/Jabber anjan -at- momi.ca

Matrix @anjan:postmarketos.org

email anjan -at- momi.ca

pgp? BF5CD7823BA2B218

gitlab anjandev

github anjandev

donate to me - liberapay anjan

License

Website theme © 2015 Drew DeVault
ssg5 © 2018-2019 Roman Zolotarev
rssg © 2018 Roman Zolotarev

This website's code is
released under AGPL-3.0-or-later.
The content for this site is CC-BY-SA unless otherwise noted.
Privacy Policy

Powered by Alpine Linux Powered by Prosody XMPP server

Become a Conservancy Sustainer!