Text only | Text with Images

Artix Linux Forum

Artix Linux => Software development => Topic started by: Glats on 15 October 2019, 15:47:33

Title: [SOLVED] Can we have doas? (a secure replacement for sudo)
Post by: Glats on 15 October 2019, 15:47:33
Seeing this security issue (https://www.openwall.com/lists/oss-security/2019/10/14/1) about sudo, if it possible the team could maintain another implementation of sudo called doas?
doas is a secure replacement of sudo and was created by the same team behind openbsd. This team always has focused on security software like: libressl, openssh, etc.
To put point in favor, in fact, voidlinux is maintain this program (https://github.com/void-linux/void-packages/tree/master/srcpkgs/opendoas) in its main repo. this program it's way more simple than sudo in many ambit like configuration and development.
However isn't an official port (https://github.com/Duncaen/OpenDoas) from openbsd but it try to attempt the more close possible to the original program.
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: phoenix_king_rus on 15 October 2019, 16:39:14
There is an AUR package (https://aur.archlinux.org/packages/opendoas) for that
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: Glats on 15 October 2019, 17:02:39
Quote from: phoenix_king_rus – on
There is an AUR package (https://aur.archlinux.org/packages/opendoas) for that
yeah. i tested and doesnt fit with artix at all. Thats i'm asking if it possible to put in the repos.
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: artoo on 16 October 2019, 10:53:48
 if it possible the team could maintain another implementation of sudo called doas?
Quote from: Glats – on
if it possible the team could maintain another implementation of sudo called doas?



The short answer is no. Probably disappointing for you, but that is the bottom line.
We are a small team, and the request involves SELinux as a depend, so no, no time left for such thing.
The package requested is also not widely used that is justifies to be in the repos.

If you don't get it working from the AUR, perhaps start a thread in the forum's AUR section asking for help.
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: missedrx on 16 October 2019, 18:56:19
@Glats

Do not know what this doas-thingy needs to do for you, but is it possible  su  provides a solution  like so :

Code: [Select]
su -c 'TheCommandYouWantExecuted'

Upon ENTER :  passwd-prompt pops up after which  command executes ; upon completion the credentials are dropped and you are returned to your original position in the hierarchy.
If no user is specified root is assumed.
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: phoenix_king_rus on 16 October 2019, 21:47:14
Quote from: missedrx – on
@Glats

Do not know what this doas-thingy needs to do for you, but is it possible  su  provides a solution  like so :

Code: [Select]
su -c 'TheCommandYouWantExecuted'

Upon ENTER :  passwd-prompt pops up after which  command executes ; upon completion the credentials are dropped and you are returned to your original position in the hierarchy.
If no user is specified root is assumed.

su requires root password whereas sudo and doas use user's
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: Glats on 16 October 2019, 22:32:33
Quote from: artoo – on
if it possible the team could maintain another implementation of sudo called doas?

The short answer is no. Probably disappointing for you, but that is the bottom line.
We are a small team, and the request involves SELinux as a depend, so no, no time left for such thing.
The package requested is also not widely used that is justifies to be in the repos.

If you don't get it working from the AUR, perhaps start a thread in the forum's AUR section asking for help.
Ah ok. no problem i understand. I didnt noticed that the program has SELinux as dependency. too bad.
anyways, thanks.
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: ndowens on 29 January 2020, 20:45:02
I am using opendoas, doesn't SEEM to use SELinux.
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: Glats on 29 January 2020, 20:53:05
https://www.archlinux.org/packages/community/x86_64/opendoas This version works perfect.
The only thing bugged me is that yay use sudo :(
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: blocked on 07 February 2021, 00:06:29
Quote from: Glats – on
Seeing this security issue (https://www.openwall.com/lists/oss-security/2019/10/14/1) about sudo, if it possible the team could maintain another implementation of sudo called doas?
doas is a secure replacement of sudo and was created by the same team behind openbsd. This team always has focused on security software like: libressl, openssh, etc.
To put point in favor, in fact, voidlinux is maintain this program (https://github.com/void-linux/void-packages/tree/master/srcpkgs/opendoas) in its main repo. this program it's way more simple than sudo in many ambit like configuration and development.
However isn't an official port (https://github.com/Duncaen/OpenDoas) from openbsd but it try to attempt the more close possible to the original program.
You can install opendoas and it works pretty well and is in the standard repos for artix.
Title: Re: Can we have doas? (a secure replacement for sudo)
Post by: linuxer on 07 February 2021, 00:29:31
Quote from: blocked – on
You can install opendoas and it works pretty well and is in the standard repos for artix.
it is in the Arch's community repo, not Artix's
Title: Re: [SOLVED] Can we have doas? (a secure replacement for sudo)
Post by: strajder on 10 February 2021, 13:14:52
Quote from: Glats – on
https://www.archlinux.org/packages/community/x86_64/opendoas This version works perfect.
The only thing bugged me is that yay use sudo :(
If you don't mind changing your AUR helper, pikaur supports doas through a configuration option.
Text only | Text with Images