|
OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD. |
|
Thread Tools | Display Modes |
|
|||
sudo(8) moving from base to ports
Last edited by ocicat; 18th June 2015 at 10:25 PM. Reason: updated link now that responses have been made to thread... |
|
|||
Being a recent OBSD user, I was quite surprised it was in the default installation.
(I personally won't miss it, as I am happy to su when neccessary.)
__________________
Linux since 1999, & also a BSD user. |
|
||||
Quote:
The version in base is 1.7.2p8, which is five years old this month. Todd described it as "ancient" in his post. Looking at the port published yesterday, it appears to me that the technical reason we are on the old version in base is newer versions have a dependency on devel/gettext. The port has an LDAP flavor, which will likely be popular. Last edited by jggimi; 19th June 2015 at 11:38 AM. Reason: clarity. tarball -> port |
|
||||
Quote:
http://www.openbsd.org/faq/ports/ports.html#PortsConfig The ISC licence is also compatible. |
|
|||
su(1) implements an either-or scheme -- either one has the administrative password, or one does not, and if one has knowledge of the password, one has access to everything.
Keeping the password secret also becomes harder as more administrators are needed. Plus, this creates more instances where the password can be compromised. sudo(8) implements a scheme where knowledge of the administrative password is not required, and administrative work can divided between many, & each has access to only what they need -- not everything. While this sounds bureaucratic in how to manage a staff, sudo(8) simplifies administrative tasks of single-user systems too. The real value of sudo(8) is how an administrative policy can be flexibly constructed for large and small systems alike. Readers are encouraged to read Michael Lucas' book on this very topic: https://www.michaelwlucas.com/nonfiction/sudo-mastery Highly recommended. |
|
|||
Helpful explanation.
|
|
|||
It's official now:
http://www.sudo.ws/ ...along with a blog entry from tedu@ mentioned on http://undeadly.org: http://www.tedunangst.com/flak/post/...-with-the-less Long live sudo! |
|
|||
A new entry in Following -current has been added describing the removal of the old version of sudo(8). This will be of particular interest to those upgrading from older versions of -current.
|
|
|||
sudo has received another revision prior to tagging OpenBSD 5.8-release:
http://marc.info/?l=openbsd-ports-cv...4838426007&w=2 Not that I intend to post notices of all revisions, but the point is that sudo development is not static. FYI. |
|
||||
And a replacement service called doas(8) has just been added to -current. It's undergoing lots of additional development -- -current users and other interested parties can track the various development threads via a tech@ mailing list archive or by subscribing to the list.
|
|
|||
Quote:
|
|
|||
Quote:
Is there a brief write-up on how to invoke doas(8) and use it? Am I right to guess that doas(8) will be the default in OpenBSD 5.8 release version which, based on past trends, is due for release to the public sometime in November? |
|
||||
Quote:
Code:
NAME doas — execute commands as another user SYNOPSIS doas [-u user] command [args] DESCRIPTION The doas utility executes the given command as another user. The options are as follows: -u user Execute the command as user. The default is root. EXIT STATUS The doas utility exits 0 on success, and >0 if an error occurs. It may fail because of one of the following reasons: The config file could not be parsed. The user attempted an command which is not permitted. Entered passphrase is incorrect. |
|
|||
Quote:
Fast archs (amd64, i386) already have doas in their snaps. Slower arches will take more time. Quote:
And to pre-empt the question, since someone is bound to think it: If doas does not do something that sudo does, and you need that sudo feature, the correct way to deal with it is to Code:
# pkg_add sudo |
|
|||
Quote:
|
|
|||
I like how OpenBSD updates its OS with new tricks (a.k.a. features) about once every six months. There's a novelty in using it.
Coming up second would be FreeBSD. And third place goes to Ubuntu. Quote:
If that's the case, why replace sudo(8) with doas(8) in the base system? Is it because of possible security vulnerabilties in sudo(8), correctness of software code, much like in the case of OpenSSL versus LibreSSL in which the latter is the de facto standard? |
|
|||
Quote:
http://daemonforums.org/showpost.php...89&postcount=8 |
|
|||
The sudo in base was old. Having it in ports allows it to be updated basically in real-time (seeing as the person who maintains sudo is also an OpenBSD developer). It also allows for ldap and gettext flavors, for those who need it.
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Moving /var to /usr/var | sharris | FreeBSD General | 2 | 6th August 2010 12:00 AM |
-Stable Ports with -Release+Errata Base | Android1 | OpenBSD Packages and Ports | 5 | 16th May 2010 09:26 PM |
Moving to ZFS | Business_woman | FreeBSD General | 6 | 20th October 2008 03:28 PM |
Moving FreeBSD to new PC? | cwhitmore | FreeBSD General | 23 | 22nd July 2008 02:59 PM |
Moving files | Weaseal | Programming | 2 | 14th July 2008 07:30 AM |