Utilizing the 'doas' Command in UNIX Systems (with Examples)
The doas command, found primarily in OpenBSD systems, allows a user to execute commands with the privileges of another user, most commonly root. It is a utility similar to sudo but with a simpler configuration and syntax, making it an efficient choice for quickly granting elevated permissions when necessary.
Run a Command as Root
Code:
doas command
Motivation:
In UNIX-like systems, certain commands require elevated permissions to execute. By using doas, a user can temporarily gain root-level access to execute necessary commands without logging in as the root user. This minimizes the risks associated with having direct root access.
Explanation:
doas: This is the command used to execute another command with escalated privileges.
command: This represents the executable or program you wish to launch with root privileges.
Example Output:
If executing doas ls /root, you might see a directory listing of /root, assuming you have sufficient permissions and the doas setup permits it.
Run a Command as Another User
Code:
doas -u user command
Motivation:
There are instances where it’s necessary to run a command with the privileges of a different, non-root user. This could be due to accessing specific files or directories only that user can access or executing processes that require a user’s specific environment settings.
Explanation:
doas -u: The -u flag signifies that the following entry is the username whose privileges you wish to assume.
user: This is the username whose permissions you’re impersonating.
command: This is the executable task you wish to initiate with the designated user’s permissions.
Example Output:
If running doas -u alice touch /home/alice/newfile, the command should create newfile within Alice’s home directory, provided the rules in doas.conf allow it.
Launch the Default Shell as Root
Code:
doas -s
Motivation:
Sometimes users need a root shell to perform multiple tasks that require root privileges. Rather than prefix every individual command with doas, starting a root-shell session allows prolonged interactions with the system as the root user, streamlining workflows.
Explanation:
doas: Initiates the utility for privilege elevation.
-s: This flag initiates a shell, starting a new session with elevated permissions.
Example Output:
Initiating doas -s might place you in a % or # shell prompt, indicating elevated root privileges depending upon your system’s default shell.
Parse a Configuration File and Check Command Execution
Code:
doas -C config_file command
Motivation:
To ensure security policies are correctly set up in a doas configuration, it might be prudent to verify whether a specific command execution is permissible. This preemptive check helps in debugging configurations without actually running the command.
Explanation:
doas -C: This flag specifies that doas should run in configuration-testing mode.
config_file: The designated path to a doas configuration file.
command: A test command you want to verify for run permissions based on the configuration file.
Example Output:
Running doas -C /etc/doas.conf command could result in a successful permission check message or an error if the command is not authorized.
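The check above can be turned into a regression test that runs before a new doas.conf is installed. The script below is an added example, not part of the original article: it relies on doas -C printing "permit", "permit nopass" or "deny" on standard output, and the expectation-file format, function names and sample policy are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: regression-test a candidate doas.conf with `doas -C`.
# doas -C only parses the file and matches the command; nothing is executed.
# Verdicts are evaluated for the user who runs the check.

# Expectation lines (hypothetical format): verdict|target user|command [args]
check_doas_policy() {
    conf=$1; expect=$2; rc=0
    while IFS='|' read -r want user cmd; do
        case $want in ''|'#'*) continue ;; esac
        # $cmd is deliberately unquoted so its arguments split into words.
        # "deny" makes doas exit non-zero, so only the printed verdict is compared.
        got=$(doas -C "$conf" -u "$user" $cmd 2>&1 </dev/null) || true
        if [ "$got" = "$want" ]; then
            echo "ok       $user: $cmd -> $got"
        else
            echo "MISMATCH $user: $cmd -> want '$want', got '$got'"
            rc=1
        fi
    done < "$expect"
    return "$rc"
}

run_demo() {
    tmp=$(mktemp -d) || return 2
    me=$(id -un)
    # Constructed sample policy; in doas.conf the last matching rule wins.
    cat > "$tmp/doas.conf" <<EOF
permit $me as root
deny $me as root cmd /bin/sh
permit nopass $me as root cmd /usr/bin/uptime
EOF
    # Constructed expectations for that policy.
    cat > "$tmp/expect" <<EOF
permit|root|/bin/ls /root
deny|root|/bin/sh
permit nopass|root|/usr/bin/uptime
EOF
    check_doas_policy "$tmp/doas.conf" "$tmp/expect"; status=$?
    rm -rf "$tmp"
    return "$status"
}

# Only run the demo where doas is installed.
if command -v doas >/dev/null 2>&1; then
    run_demo || echo "policy check failed" >&2
fi
```

A MISMATCH line means the candidate file grants or refuses something the expectation list did not anticipate, which is the point at which to stop before copying it to /etc/doas.conf.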
Make doas Request a Password Even After It Was Supplied
Code:
doas -L
Motivation:
Security-conscious environments might require password input for every elevation of privilege. Even if a user has successfully provided a password recently, using -L ensures the current session re-validates credentials, enhancing security.
Explanation:
doas -L: The -L flag tells doas to clear previous authentications, necessitating new password input even if a prior session was authenticated.
Example Output:
Initiating a command with doas -L will prompt for a password entry, ensuring the user is verified each time anew.
Conclusion:
The doas command is an elegant and secure means of granting elevated permissions in Unix-like operating systems. Whether you are running commands as root or as another user, starting a root shell session, verifying allowed commands, or enforcing password re-verification, doas offers streamlined solutions with straightforward syntax. Its use not only simplifies system administration tasks but also enhances system security when configured properly.