1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
This is the "OpenDoas" port of OpenBSD's doas.
The doas utility is a program originally written for OpenBSD that
allows a user to run a command as though they were another user,
typically root. doas acts as an alternative to sudo, with simple
configuration syntax and a smaller code base for ease of security
auditing.
Please note that running this SlackBuild will install doas with SUID
root.
To get started, write a configuration file at /etc/doas.conf. As an
example, including the line:
permit :wheel as root
will allow all users in the wheel group to act as root with doas.
Consult the doas.conf(5) man page for further details.
The parameter "keepenv" in /etc/doas.conf allows for opening graphical
applications with doas:
permit keepenv gene as root
"exec dbus-launch --exit-with-session" may be required for xinit in
Slackware 14.2. An alternative is to run "export $(dbus-launch)" after
starting the X session. As with su, KDE 4 graphical applications may
fail to open with doas.
Running this SlackBuild without parameters will provide a build of
OpenDoas with shadow support if PAM is not installed, and with PAM
support if PAM is installed. Password persistence is disabled by
default.
To enable timestamp-based password persistence, call the SlackBuild
with PERSIST=yes:
PERSIST=yes ./opendoas.SlackBuild
In addition, ensure that the appropriate user or group line in
/etc/doas.conf includes the "persist" option, as in this example:
permit persist jane as root
Please note that upstream considers timestamp-based password
persistence to be "new and potentially dangerous."
For users with PAM installed, enable shadow authentication instead by
calling the SlackBuild with PAM=no:
PAM=no ./opendoas.SlackBuild
If /etc/pam.d/other and /etc/pam.d/system-auth are unmodified from the
state in which they are shipped in -current, doas will run with PAM
support if so compiled. Otherwise, doas may require a dedicated file at
/etc/pam.d/doas to use PAM authentication.
To allow OpenDoas to write a new PAM configuration file for doas, call
the SlackBuild with PAM_FILE=yes:
PAM_FILE=yes ./opendoas.SlackBuild
Upstream is unlikely to include PAM configuration files in releases of
OpenDoas beyond 6.8.2.
opendoas has no outside dependencies on Slackware 14.2 or 15.0 and
adds no users or groups. opendoas conflicts with all other ports of
doas.
|