diff options
Diffstat (limited to 'system/opendoas/README')
-rw-r--r-- | system/opendoas/README | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/system/opendoas/README b/system/opendoas/README new file mode 100644 index 000000000000..2e57141ec121 --- /dev/null +++ b/system/opendoas/README @@ -0,0 +1,67 @@ +This is the "OpenDoas" port of OpenBSD's doas. + +The doas utility is a program originally written for OpenBSD that +allows a user to run a command as though they were another user, +typically root. doas acts as an alternative to sudo, with simple +configuration syntax and a smaller code base for ease of security +auditing. + +Please note that running this SlackBuild will install doas with SUID +root. + +To get started, write a configuration file at /etc/doas.conf. As an +example, including the line: + + permit :wheel as root + +will allow all users in the wheel group to act as root with doas. +Consult the doas.conf(5) man page for further details. + +The parameter "keepenv" in /etc/doas.conf allows for opening graphical +applications with doas: + + permit keepenv gene as root + +"exec dbus-launch --exit-with-session" may be required for xinit in +Slackware 14.2. An alternative is to run "export $(dbus-launch)" after +starting the X session. As with su, KDE 4 graphical applications may +fail to open with doas. + +Running this SlackBuild without parameters will provide a build of +OpenDoas with shadow support if PAM is not installed, and with PAM +support if PAM is installed. Password persistence is disabled by +default. + +To enable timestamp-based password persistence, call the SlackBuild +with PERSIST=yes: + + PERSIST=yes ./opendoas.SlackBuild + +In addition, ensure that the appropriate user or group line in +/etc/doas.conf includes the "persist" option, as in this example: + + permit persist jane as root + +Please note that upstream considers timestamp-based password +persistence to be "new and potentially dangerous." + +For users with PAM installed, enable shadow authentication instead by +calling the SlackBuild with PAM=no: + + PAM=no ./opendoas.SlackBuild + +If /etc/pam.d/other and /etc/pam.d/system-auth are unmodified from the +state in which they are shipped in -current, doas will run with PAM +support if so compiled. Otherwise, doas may require a dedicated file at +/etc/pam.d/doas to use PAM authentication. + +To allow OpenDoas to write a new PAM configuration file for doas, call +the SlackBuild with PAM_FILE=yes: + + PAM_FILE=yes ./opendoas.SlackBuild + +Upstream will not include PAM configuration files in releases of +OpenDoas beyond 6.8.1. + +opendoas has no outside dependencies on Slackware 14.2 and adds no +users or groups. opendoas conflicts with all other ports of doas. |