opendoas

A portable version of the OpenBSD `doas` command
git clone https://pi.duncano.de/git/opendoas.git
Log | Files | Refs | README | LICENSE

commit cbbdf2e13e296a577f0e161999681eec97d61cd9
parent d20bb2e26f033daa05e29eb4d1b67b5ea027ed95
Author: Nathan Holstein <nathan.holstein@gmail.com>
Date:   Wed,  5 Aug 2015 02:52:21 -0400

Add README.md.

Diffstat:
README.md | 51+++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+), 0 deletions(-)

diff --git a/README.md b/README.md @@ -0,0 +1,51 @@ +# OpenDoas: a portable version of OpenBSD's `doas` command + +`doas` is a minimal replacement for the venerable `sudo`. It was +initially [written by Ted Unangst](http://www.tedunangst.com/flak/post/doas) +of the OpenBSD project to provide 95% of the features of `sudo` with a +fraction of the codebase. + +This is still a work in progress! Please do not deploy yet in a critical +environment! Of note, `doas` semantics may yet change, and I haven't +completed PAM integration yet! + +## Building and installing + +Building `doas` should be just a simple `make` away. + +The included makefile also has an installation target. Installation +requires root access to properly set the executable permissions. You'll +also need to install a `doas.conf` file: + +``` +make && sudo make install +echo "permit :admin" | sudo tee /etc/doas.conf +``` + +Oh the irony, using `sudo` to install `doas`! + +## About the port + +As much as possible I've attempted to stick to `doas` as tedu desired +it. As things stand it's essentially just code lifted from OpenBSD with +PAM based authentication glommed on to it. + +I've used cvsync and git-cvsimport to retain the history of the core +source files. I may choose to go back and do the same with some of the +compatibility functions (such as reallocarray.c). + +I have found it necessary to make some fixes to the codebase. One was +a segfault due to differences in yacc/bison, others were just minor +fixes to warnings. Once this appears stable, I may try to upstream some +of these. + +Currently, this is only tested on MacOSX 10.10 with Clang. My next goal +is support for Fedora Linux as well. Contributions gladly accepted. ;-) + +## Copyright + +All code from OpenBSD is licensed under the BSD license, please see +individual files for details as the specific text varies from file to +file. + +All code I've written is licensed with the 2-clause BSD.