Unlike sudo, doas on OpenBSD is pre-installed (from version 5.8 onwards) but needs configuration to be “enabled” for specific users. Here’s how to get doas working:
1. Configure doas permissions:
- Edit the configuration file:
sudo visudo
(oree /etc/doas.conf
for experienced users)
Important: Editing /etc/doas.conf
requires caution. Use visudo
which validates the syntax to avoid mistakes.
- Add a line specifying which users can use doas. Here’s an example to allow users in the “wheel” group to run commands as root:
permit wheel :root
This line grants permission to users in the “wheel” group to execute commands as the root user. You can find more details on configuration options in the doas.conf man page: man doas.conf
2. Verify Configuration (Optional):
- You can test your configuration without applying changes by running:
doas -C /etc/doas.conf <command>
Replace <command>
with any command to see if doas allows it based on your configuration. This won’t execute the command, but will show a message like “permit” or “deny” depending on access.
3. Additional Considerations:
- By default, doas prompts for a password every time. To enable password caching for a while (similar to sudo), you can add the
persist
option in the doas.conf file. Refer to the doas.conf man page for details. - Remember, granting doas access, especially to root privileges, should be done with caution.
For further reference, you can refer to these resources:
- doas.conf man page:
man doas.conf