Handbook: Add a small chapter about doas as an alternative to sudo
doas is a viable alternative to sudo, so it is worth to be mentioned in our handbook. Reviewed by: 0mp (early version) Differential Revision: https://reviews.freebsd.org/D28483
This commit is contained in:
Gordon Bergling
parent
b0a8663bb4
commit
180b5eb083
1 changed files with 23 additions and 0 deletions
|
|
@ -2125,3 +2125,26 @@ While sessions are logged, any administrator is able to remove sessions and leav
|
|||
====
|
||||
|
||||
The `sudoreplay` is extremely extendable. Consult the documentation for more information.
|
||||
|
||||
[[security-doas]]
|
||||
As an alternative to package:security/sudo[] package:security/doas[] can be used to provide the ability for users to get enhanced privileges.
|
||||
|
||||
The doas utility is available via the ports collection in package:security/doas[] or via the man:pkg[8] utility.
|
||||
|
||||
After the installation [.filename]#/usr/local/etc/doas.conf# must be configured to grant access for users for specific commands, or roles.
|
||||
|
||||
The simpliest entry could be the following, which grants local_user root permissions without asking for its password when executing the doas command.
|
||||
|
||||
[source,bash]
|
||||
....
|
||||
permit nopass local_user as root
|
||||
....
|
||||
|
||||
For more configuration examples, please read man:doas.conf[5].
|
||||
|
||||
After the installation and configuration of the `doas` utility, a command can now be executed with enhanced privileges, like for example.
|
||||
|
||||
[source,bash]
|
||||
....
|
||||
$ doas vi /etc/rc.conf
|
||||
....
|
||||
|
|
|
|||
Loading…
Reference in a new issue