opendoas

A portable version of the OpenBSD `doas` command
git clone https://pi.duncano.de/git/opendoas.git

README.md (2044B)


      1 ![sandwich](https://cloud.githubusercontent.com/assets/13654546/9128676/a583cd0a-3c9a-11e5-9b4f-e03ab0ba37d7.png)
      2 
      3 Apologies to [Randall Monroe](http://www.xkcd.org/149/).
      4 
      5 # OpenDoas: a portable version of OpenBSD's `doas` command
      6 
      7 `doas` is a minimal replacement for the venerable `sudo`. It was
      8 initially [written by Ted Unangst](http://www.tedunangst.com/flak/post/doas)
      9 of the OpenBSD project to provide 95% of the features of `sudo` with a
     10 fraction of the codebase.
     11 
     12 This is still a work in progress! Please do not deploy yet in a critical
     13 environment! Of note, `doas` semantics may yet change, and I haven't
     14 performed even a trivial security audit of my additions.
     15 
     16 ## Building and installing
     17 
     18 Building `doas` should be just a simple `make` away.
     19 
     20 The included makefile also has an installation target. Installation
     21 requires root access to properly set the executable permissions. You'll
     22 also need to install a `doas.conf` file:
     23 
     24 ```
     25 make && sudo make install
     26 echo "permit :admin" | sudo tee /etc/doas.conf
     27 ```
     28 
     29 Oh the irony, using `sudo` to install `doas`!
     30 
     31 ## About the port
     32 
     33 As much as possible I've attempted to stick to `doas` as tedu desired
     34 it. As things stand it's essentially just code lifted from OpenBSD with
     35 PAM based authentication glommed on to it.
     36 
     37 I've used cvsync and git-cvsimport to retain the history of the core
     38 source files. I may choose to go back and do the same with some of the
     39 compatibility functions (such as reallocarray.c).
     40 
     41 I have found it necessary to make some fixes to the codebase. One was
     42 a segfault due to differences in yacc/bison, others were just minor
     43 fixes to warnings. Once this appears stable, I may try to upstream some
     44 of these.
     45 
     46 Currently, this is only tested on MacOSX 10.10 with Clang. My next goal
     47 is support for Fedora Linux as well. Contributions gladly accepted. ;-)
     48 
     49 ## Copyright
     50 
     51 All code from OpenBSD is licensed under the BSD license, please see
     52 individual files for details as the specific text varies from file to
     53 file.
     54 
     55 All code I've written is licensed with the 2-clause BSD.