Forrest logo
tool overview
On this page you find all important commands for the CLI tool doas. If the command you are looking for is missing please ask our AI.

doas

DOAS (short for "do as") is a command line tool used for executing commands with the privileges of another user, typically the root user, in Unix-like operating systems. It is an alternative to the more well-known "sudo" command.

DOAS was primarily developed for OpenBSD to address certain security concerns related to "sudo," which is known for its complexity and potential vulnerabilities. DOAS is designed to be simpler and focus solely on privilege escalation without compromising security.

Key features and characteristics of DOAS include:

  1. Simplicity: DOAS has a straightforward and minimalistic configuration file syntax, making it easier to set up and maintain. It aims to fulfill the basic use cases of privilege escalation, without introducing complex functionality.

  2. Secure Defaults: DOAS follows the principle of least privilege, allowing specific commands to be executed with escalated privileges, while limiting potential security risks by default. It tries to minimize opportunities for privilege escalation attacks.

  3. Centralized Configuration: DOAS reads its configuration from a central file (/etc/doas.conf), which makes it simple to manage access rules for multiple users and commands in one place.

  4. Logging: DOAS has built-in logging support, which allows administrators to monitor and trace privileged commands executed with DOAS. It aids in security auditing and identifying potential misuse.

  5. Compatibility: Although initially developed for OpenBSD, DOAS has been ported to other Unix-like systems like FreeBSD, NetBSD, and macOS, making it available across multiple platforms.

Overall, DOAS aims to provide a simpler and more secure alternative to "sudo" for privilege escalation, while maintaining compatibility and ease of use.

List of commands for doas:

  • doas:tldr:47ae0 doas: Launch the default shell as root.
    $ doas -s
    try on your machine
    explain this command
  • doas:tldr:a4ffe doas: Make `doas` request a password even after it was supplied earlier.
    $ doas -L
    try on your machine
    explain this command
  • doas:tldr:ca2b0 doas: Run a command as root.
    $ doas ${command}
    try on your machine
    explain this command
  • doas:tldr:e579e doas: Parse a config file and check if the execution of a command as another user is allowed.
    $ doas -C ${config_file} ${command}
    try on your machine
    explain this command
  • doas:tldr:f14c4 doas: Run a command as another user.
    $ doas -u ${user} ${command}
    try on your machine
    explain this command
tool overview