LinuxCommandLibrary

doas

Execute commands as another user

TLDR

Run a command as root

$ doas [command]
copy

Run a command as another user
$ doas -u [user] [command]
copy

Launch the default shell as root
$ doas -s
copy

Parse a configuration file and check if the execution of a command as another user is allowed
$ doas -C [config_file] [command]
copy

Make doas request a password even after it was supplied earlier
$ doas -L
copy

SYNOPSIS

doas [-n] [-s] [-u user] [command [arguments ...]]

PARAMETERS

-n
    Do not ask for a password.

-s
    Execute the user's shell.

-u user
    Specify the user to execute the command as. Defaults to root.

DESCRIPTION

doas is a small, secure alternative to sudo. It allows a trusted user to execute commands as another user, typically root.
doas prioritizes simplicity and security, aiming to provide a minimal and auditable privilege elevation mechanism. Its configuration is typically much simpler than sudo, residing in a single, easily understood file. doas is designed to be more secure by default than sudo by removing features and defaults which could introduce security holes. It leverages the secure coding practices and security features of the OpenBSD project where it originated.

CAVEATS

Configuration is mandatory for doas to function. The doas.conf file must be properly configured to grant permissions to users.

CONFIGURATION FILE (DOAS.CONF)

The doas.conf file located in /etc/doas.conf is where access rules are defined. Each line specifies who can run what command as which user. Example: 'permit user alice as root cmd /usr/bin/apt update' allows user Alice to run 'apt update' as root.

SECURITY CONSIDERATIONS

doas prioritizes security by minimizing features and implementing strict access controls. Always carefully review and understand the configuration file to ensure only necessary privileges are granted. Regular audits of the doas.conf file are recommended.

HISTORY

doas was originally developed as part of the OpenBSD project to provide a simpler and more secure alternative to sudo. Its development has focused on maintaining a small codebase and prioritizing security best practices. Its usage has expanded to other Linux distributions due to its simplicity and security advantages.

SEE ALSO

sudo(8), su(1)

Copied to clipboard