Installing doas on FreeBSD

3 min

freebsd権限管理
language: ja bn en es hi pt ru zh-cn zh-tw

Hello, I'm incompetent.
FreeBSD can use sudo, but when working with commands, for example, if you are working on a GNU/Linux environment in an adjacent terminal tab, there is a possibility of unintended operations if FreeBSD can also be executed with the same sudo command. Therefore, I will use doas to disable administrator privileges with sudo, simply because it seems safer.
This also seems to be a topic of discussion on the FreeBSD Forum.

Install with pkg

This Qiita article in Japanese provides a very detailed explanation.

# pkg install doas
Updating FreeBSD repository catalogue...
Fetching data.pkg: 100%    7 MiB   7.5MB/s    00:01    
Processing entries: 100%
FreeBSD repository update completed. 35521 packages processed.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        doas: 6.3p12

Number of packages to be installed: 1

24 KiB to be downloaded.

Proceed with this action? [y/N]: y
[1/1] Fetching doas-6.3p12.pkg: 100%   24 KiB  24.6kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/1] Installing doas-6.3p12...
[1/1] Extracting doas-6.3p12: 100%
=====
Message from doas-6.3p12:

--
To use doas,

/usr/local/etc/doas.conf

must be created. Refer to doas.conf(5) for further details and/or follow
/usr/local/etc/doas.conf.sample as an example.

Note: In order to be able to run most desktop (GUI) applications, the user
needs to have the keepenv keyword specified. If keepenv is not specified then
key elements, like the user's $HOME variable, will be reset and cause the GUI
application to crash.

Users who only need to run command line applications can usually get away
without keepenv.

When in doubt, try to avoid using keepenv as it is less secure to have
environment variables passed to privileged users.

Then, edit /usr/local/etc/doas.conf and write the following:

permit keepenv username

Execution

Now, switch to the specified user and try executing doas command.

$ su - username
$ doas vim /usr/local/etc/doas.conf
Password:

After entering the password, it was successfully executed.

Related Posts