View Single Post
  #7   (View Single Post)  
Old 7th July 2018
therue therue is offline
Port Guard
 
Join Date: Feb 2018
Posts: 21
Default

Quote:
Originally Posted by GarryR View Post
For 'doas', there is
Code:
man doas
This is a example of mine, I set it up for only specific commands.
Code:
permit nopass garry as root cmd dhclient
permit nopass garry as root cmd shutdown
permit nopass garry as root cmd mount
permit nopass garry as root cmd /etc/rc.d/nginx 
permit nopass garry as root cmd /etc/rc.d/mysqld
permit nopass garry as root cmd /etc/rc.d/php56_fpm
Another example:
Code:
permit persist setenv { PKG_PATH PKG_CACHE ENV PS1 SSH_AUTH_SOCK } :wheel
And there is a 'sudo' package available for OpenBsd, you just need to install it,
(on a side note: If you look at some history, you will see the sudo command actually was
first developed by openbsd developer)
Code:
Enter your command: doas pkg_add sudo     
quirks-2.304 signed on 2017-04-02T15:01:33Z
Ambiguous: choose package for sudo
a       0: <None>
        1: sudo-1.8.19.2
        2: sudo-1.8.19.2-gettext
        3: sudo-1.8.19.2-gettext-ldap
Your choice: ^CFatal error: Caught SIGINT
I hit ^C because I did not really want to install it.
History lesson 1 :
https://en.wikipedia.org/wiki/Sudo


I don't know about sudo much I do not use it, but with "doas", yes a command can be run in 1 line without needing to enter a password.
i read somewhere that on openbsd doas is the replacement for sudo, and since it's not isntalled by default i think i'll avoid using it in the future.

from your post, doas requiring a doas.conf file seems like a more restricted, controlled version of sudo since users are only given the commands that you allow them to use individually, so different users can have a different set of commands available. like allowing this user to shutdown the system, allow that user to install packages.

i can see that as a good way to allocate authority for say other users on the machine, but what if this is just for personal use? doesn't that seem limited? since a lot of times you won't know what you need to run as root until it's time, like if i need to write to a system file, or etc. ?

So as an admin (only user) on the machine do you just use su then?
Reply With Quote