OpenBSD's doas on Voidlinux

Published 2020-03-20 on Anjan's Homepage

OpenBSD’s doas is a minimal replacement for sudo. If you run a single user linux box, you can replace sudo with doas in order to have a simpler sudo configuration and usage experience.

First, install doas using xbps-install. 

sudo xbps-install opendoas

Doas rules have the following format: 

permit|deny [options] identity [as target] [cmd command [args ...]]

I like adding the persist option to my rule so that if I enter my password once, doas remembers and doesn’t constantly ask me to authenticate.

Edit /etc/doas.conf and add the following line: 

permit persist <YOURUSERNAME> as root

This allows <YOURUSERNAME> to run any command as root.

Sudoedit replacement with Doas

The rationale for sudoedit is that text editors are complex programs that could cause damage if given unchecked root access. As such, it’s better to use the cp command to copy the file so that a non-root user can edit it, run your editor as a non-root user to edit the file, and on exit run cp to overwrite the original file with the user edited file. To make a sudoedit with doas, you can make a wrapper copy files around.

However, if you use emacs, you can easily create a sudoedit replacement for doas. TRAMP for emacs supports doas. As such, I add the following to my .bashrc: 

doasedit(){
    emacsclient -nw /doas::${1}
}

Running doasedit <filename> now allows you to edit the file like sudoedit!

Uninstalling sudo

On Voidlinux, sudo is part of the base-system group. If we want to remove sudo, we must tell xbps that sudo can be substituted by doas.

To substitute doas for sudo, I edited /etc/xbps.d/99-my-settings.conf and added: 

virtualpkg=sudo:opendoas

See man xbps.d for more details on the virtualpkg keyword.

To remove sudo, we can now run: 

doas xbps-remove sudo

Have a comment on one of my posts? Start a discussion in my public inbox by sending an email to ~anjan/public-inbox@lists.sr.ht [mailing list etiquette]

Articles from blogs I follow around the net

These articles/blogs do not represent my own opinions or views.

Text processing on the Command Line - sharing my tools

Text processing on the command line - sharing my tools Introduction I'm quite fond of the command-line and spend a larger chunk of my life in a terminal emulator than I dare admit. I try to embrace the unix philosophy of using tools that "do one thing…

via Proycon's website July 7, 2024

Linux phones are not automatically secure

A common point in the Linux community is that escaping the walled garden of ecosystems like Android or iOS is already a means to higher security. Having no contact with Google or Apple servers ever again, nor cloud providers ever snooping on your private …

via TuxPhones - Linux phones, tablets and portable devices January 25, 2023

Generated by openring

Subscribe via RSS

Pages

Homepage
Projects
Resume

Services

XMPP
Email

irc nick (OFTC, libera.chat) anjan

sourcehut ~anjan

XMPP/Jabber anjan -at- momi.ca

Matrix @anjan:postmarketos.org

email anjan -at- momi.ca

pgp? BF5CD7823BA2B218

gitlab anjandev

github anjandev

donate to me - liberapay anjan

License

Website theme © 2015 Drew DeVault
ssg5 © 2018-2019 Roman Zolotarev
rssg © 2018 Roman Zolotarev

This website's code is
released under AGPL-3.0-or-later.
The content for this site is CC-BY-SA unless otherwise noted.
Privacy Policy

Powered by Alpine Linux Powered by Prosody XMPP server

Become a Conservancy Sustainer!