在FreeBSD上安装doas
大家好,我是无能。
FreeBSD 也可以使用 sudo,但在命令行操作中,例如在终端的相邻标签页中操作 GNU/Linux 环境时,如果 FreeBSD 也能使用相同的 sudo 命令,则可能会导致意外操作,因此,为了安全起见,我选择使用 doas 来禁用 sudo 的管理员权限执行,仅此而已,所以我将使用 doas。
这似乎在 FreeBSD 论坛上也有讨论。
使用 pkg 安装
# pkg install doas
Updating FreeBSD repository catalogue...
Fetching data.pkg: 100% 7 MiB 7.5MB/s 00:01
Processing entries: 100%
FreeBSD repository update completed. 35521 packages processed.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):
New packages to be INSTALLED:
doas: 6.3p12
Number of packages to be installed: 1
24 KiB to be downloaded.
Proceed with this action? [y/N]: y
[1/1] Fetching doas-6.3p12.pkg: 100% 24 KiB 24.6kB/s 00:01
Checking integrity... done (0 conflicting)
[1/1] Installing doas-6.3p12...
[1/1] Extracting doas-6.3p12: 100%
=====
Message from doas-6.3p12:
--
To use doas,
/usr/local/etc/doas.conf
must be created. Refer to doas.conf(5) for further details and/or follow
/usr/local/etc/doas.conf.sample as an example.
Note: In order to be able to run most desktop (GUI) applications, the user
needs to have the keepenv keyword specified. If keepenv is not specified then
key elements, like the user's $HOME variable, will be reset and cause the GUI
application to crash.
Users who only need to run command line applications can usually get away
without keepenv.
When in doubt, try to avoid using keepenv as it is less secure to have
environment variables passed to privileged users.
然后,编辑 /usr/local/etc/doas.conf 并添加以下内容:
permit keepenv username
执行
现在,切换到指定用户,并尝试执行 doas command。
$ su - username
$ doas vim /usr/local/etc/doas.conf
Password:
输入密码后,成功执行。