mirror of
https://github.com/Ponce/slackbuilds
synced 2024-11-16 19:50:19 +01:00
7f26b9929f
Signed-off-by: Heinz Wiesinger <pprkut@slackbuilds.org> Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org> |
||
---|---|---|
.. | ||
doinst.sh | ||
opendoas.info | ||
opendoas.SlackBuild | ||
README | ||
slack-desc |
This is the "OpenDoas" port of OpenBSD's doas. The doas utility is a program originally written for OpenBSD that allows a user to run a command as though they were another user, typically root. doas acts as an alternative to sudo, with simple configuration syntax and a smaller code base for ease of security auditing. Please note that running this SlackBuild will install doas with SUID root. To get started, write a configuration file at /etc/doas.conf. As an example, including the line: permit :wheel as root will allow all users in the wheel group to act as root with doas. Consult the doas.conf(5) man page for further details. The parameter "keepenv" in /etc/doas.conf allows for opening graphical applications with doas: permit keepenv gene as root "exec dbus-launch --exit-with-session" may be required for xinit in Slackware 14.2. An alternative is to run "export $(dbus-launch)" after starting the X session. As with su, KDE 4 graphical applications may fail to open with doas. Running this SlackBuild without parameters will provide a build of OpenDoas with shadow support if PAM is not installed, and with PAM support if PAM is installed. Password persistence is disabled by default. To enable timestamp-based password persistence, call the SlackBuild with PERSIST=yes: PERSIST=yes ./opendoas.SlackBuild In addition, ensure that the appropriate user or group line in /etc/doas.conf includes the "persist" option, as in this example: permit persist jane as root Please note that upstream considers timestamp-based password persistence to be "new and potentially dangerous." For users with PAM installed, enable shadow authentication instead by calling the SlackBuild with PAM=no: PAM=no ./opendoas.SlackBuild If /etc/pam.d/other and /etc/pam.d/system-auth are unmodified from the state in which they are shipped in -current, doas will run with PAM support if so compiled. Otherwise, doas may require a dedicated file at /etc/pam.d/doas to use PAM authentication. To allow OpenDoas to write a new PAM configuration file for doas, call the SlackBuild with PAM_FILE=yes: PAM_FILE=yes ./opendoas.SlackBuild Upstream will not include PAM configuration files in releases of OpenDoas beyond 6.8.1. opendoas has no outside dependencies on Slackware 14.2 and adds no users or groups. opendoas conflicts with all other ports of doas.