doas
Execute commands as another user
TLDR
Run a command as root
Run a command as another user
Launch the default shell as root
Parse a configuration file and check if the execution of a command as another user is allowed
Make doas request a password even after it was supplied earlier
SYNOPSIS
doas [-n] [-s] [-u user] [command [arguments ...]]
PARAMETERS
-n
Do not ask for a password.
-s
Execute the user's shell.
-u user
Specify the user to execute the command as. Defaults to root.
DESCRIPTION
doas is a small, secure alternative to sudo. It allows a trusted user to execute commands as another user, typically root.
doas prioritizes simplicity and security, aiming to provide a minimal and auditable privilege elevation mechanism. Its configuration is typically much simpler than sudo's, residing in a single, easily understood file. doas is designed to be more secure by default than sudo by removing features and defaults which could introduce security holes. It leverages the secure coding practices and security features of the OpenBSD project where it originated.
CAVEATS
Configuration is mandatory for doas to function. The doas.conf file must be properly configured to grant permissions to users.
CONFIGURATION FILE (DOAS.CONF)
The doas.conf file, located at /etc/doas.conf, is where access rules are defined. Each line specifies who can run what command as which user. Example: 'permit alice as root cmd /usr/bin/apt args update' allows user alice to run 'apt update' as root.
SECURITY CONSIDERATIONS
doas prioritizes security by minimizing features and implementing strict access controls. Always carefully review and understand the configuration file to ensure only necessary privileges are granted. Regular audits of the doas.conf file are recommended.
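The audit recommended above can be partly automated. The following is an added example, not part of doas or of the original page: it parses a simplified form of the doas.conf rule grammar (options, identity, `as`, `cmd`, `args`) and reports permit rules that grant more than a single fixed command line. The names `parse_rule`, `audit` and `SAMPLE` and the sample rules are constructed for illustration.

```python
import re
import shlex

OPTIONS = ("nopass", "nolog", "persist", "keepenv")

def parse_rule(line):
    """Parse one doas.conf line into a dict; None for blank or comment-only lines."""
    tok = shlex.split(re.sub(r"setenv\s*\{[^}]*\}", "", line), comments=True)
    if not tok:
        return None
    if tok[0] not in ("permit", "deny"):
        raise ValueError("rule must start with permit or deny")
    rule = {"action": tok[0], "options": set(), "as": None, "cmd": None, "args": None}
    while tok[1] in OPTIONS:                 # options come before the identity
        rule["options"].add(tok.pop(1))
    rule["identity"], rest = tok[1], tok[2:]
    if rest[:1] == ["as"]:
        rule["as"], rest = rest[1], rest[2:]
    if rest[:1] == ["cmd"]:
        rule["cmd"], rest = rest[1], rest[2:]
        if rest[:1] == ["args"]:             # bare "args" means: no arguments at all
            rule["args"], rest = rest[1:], []
    if rest:
        raise ValueError(f"unexpected tokens {rest}")
    return rule

def audit(conf_text):
    """Return (line_no, message) pairs for permit rules broader than needed."""
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        try:
            rule = parse_rule(line)
        except (ValueError, IndexError) as exc:   # IndexError: the rule ends early
            findings.append((n, f"syntax: {exc}"))
            continue
        if rule and rule["action"] == "permit":
            checks = [
                ("nopass" in rule["options"], "nopass: no authentication required"),
                (rule["as"] is None, "no 'as': any target user allowed"),
                (rule["cmd"] is None, "no 'cmd': any command allowed"),
                (rule["cmd"] and rule["args"] is None, "no 'args': any arguments allowed"),
            ]
            findings += [(n, msg) for hit, msg in checks if hit]
    return findings

# Constructed sample rules, not taken from a real host.
SAMPLE = """permit nopass :wheel
permit alice as root cmd /usr/bin/apt args update
permit carol as root cmd /usr/bin/systemctl
permit user dave as root cmd /sbin/reboot"""
```

Calling `audit(SAMPLE)` flags the first rule three times, the third for unrestricted arguments, and the fourth as a syntax error because `user` is read as the identity; the second rule passes clean.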
HISTORY
doas was originally developed as part of the OpenBSD project to provide a simpler and more secure alternative to sudo. Its development has focused on maintaining a small codebase and prioritizing security best practices. Its use has since expanded to Linux distributions due to its simplicity and security advantages.