Doas: Difference between revisions

From NixOS Wiki
imported>RePtarmagain
m Added correct list encapsulation to the nix code example, old example throws error: A definition for option `security.doas.extraRules' is not of type `list of (submodule)
Unabomberlive (talk | contribs)
Marked this version for translation
 
(7 intermediate revisions by 6 users not shown)
Line 1: Line 1:
<translate>
<!--T:1-->
[https://en.wikipedia.org/wiki/Doas doas] is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.
[https://en.wikipedia.org/wiki/Doas doas] is a utility to execute commands as a different user, typically the super user. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.
 
</translate>
== Configuration ==
<translate>
 
<!--T:2-->
It is not recommended to use doas due to compatibility issues with sudo.
</translate>
<translate>
<!--T:3-->
Flake based configurations require git to be installed as a system package in order to rebuild.
</translate>
<translate>
== Configuration == <!--T:4-->
</translate>
<translate>
<!--T:5-->
The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.
The following configuration will give the user <code>foo</code> the ability to execute commands as the super user via <code>doas</code>, while disabling the <code>sudo</code> command.
 
</translate>
<translate>
<!--T:6-->
<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
security.doas.enable = true;
security.doas.enable = true;
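Review bot: the new T:2 sentence in this hunk, "It is not recommended to use doas due to compatibility issues with sudo", does not say which issues are meant, and it directly follows an introduction that presents doas as a sudo replacement. Name the affected tools or workflows, or link to a report, so readers can judge whether the warning applies to their setup.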
Line 10: Line 25:
security.doas.extraRules = [{
security.doas.extraRules = [{
   users = ["foo"];
   users = ["foo"];
   keepEnv = true;  # Optional, retains environment variables while running commands
   # Optional, retains environment variables while running commands  
   persist = true;  # Optional, only require password verification a single time
  # e.g. retains your NIX_PATH when applying your config
  keepEnv = true;
   persist = true;  # Optional, don't ask for the password for some time, after a successfully authentication
}];
}];
</syntaxhighlight>
</syntaxhighlight>
</translate>
[[Category:Applications]]
[[Category:Security]]
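Review bot: the rule in this hunk still sets keepEnv = true, and the new comment justifies it only by NIX_PATH, yet keepEnv passes the caller's whole environment to commands run as root. Consider setEnv = [ "NIX_PATH" ] so that only that variable is retained. In the new persist comment, "after a successfully authentication" should read "after a successful authentication".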

Latest revision as of 15:09, 11 August 2024

doas is a utility to execute commands as a different user, typically the superuser. It is often installed as a replacement for sudo, due to its ease of configuration and greater simplicity.

It is not recommended to use doas due to compatibility issues with sudo.

Flake-based configurations require git to be installed as a system package in order to rebuild.

Configuration

The following configuration will give the user foo the ability to execute commands as the super user via doas, while disabling the sudo command.

security.doas.enable = true;
security.sudo.enable = false;
security.doas.extraRules = [{
  users = ["foo"];
  # Optional, retains environment variables while running commands,
  # e.g. retains your NIX_PATH when applying your config
  keepEnv = true;
  persist = true;  # Optional, don't ask for the password again for some time after a successful authentication
}];
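
A narrower variant of the configuration above, as an added example that is not part of the wiki page: it uses the `setEnv`, `runAs`, `cmd`, `args` and `noPass` fields of `security.doas.extraRules` to keep only `NIX_PATH` and to limit a second account to one exact command. The user `deploy` and the unit `nginx.service` are hypothetical.

```nix
{ ... }:
{
  security.sudo.enable = false;
  security.doas.enable = true;

  security.doas.extraRules = [
    # Interactive admin rule for the page's user "foo": any command as root,
    # but only NIX_PATH is carried over from the caller's environment
    # instead of everything (which is what keepEnv = true would do).
    {
      users = [ "foo" ];
      setEnv = [ "NIX_PATH" ];
      persist = true;  # cache the successful authentication for a while
    }

    # Narrow rule for a hypothetical service account: one command with one
    # exact argument list, run as root without a password prompt.
    # doas compares cmd with the command as typed, so the caller has to
    # invoke it by this absolute path.
    {
      users = [ "deploy" ];          # hypothetical account
      runAs = "root";
      cmd = "/run/current-system/sw/bin/systemctl";
      args = [ "restart" "nginx.service" ];  # hypothetical unit
      noPass = true;
      # keepEnv and setEnv are left unset, so the caller's environment is
      # not passed through to the command.
    }
  ];
}
```

With this in place, `doas /run/current-system/sw/bin/systemctl restart nginx.service` succeeds for `deploy`, while any other command or argument list is refused for that account.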