To begin using doas as a non-privileged user, it must be properly configured. See #Configuration.
To use doas, simply prefix a command and its arguments with
doas and a space:
$ doas cmd
For example, to use pacman:
$ doas pacman -Syu
To get to an interactive shell with root prompt:
$ doas -s
For more information, see.
A PAM module is installed, but no default configuration or examples are included.
To allow members of group wheel to run commands as other users, create a configuration file with the following content:
The owner and group for
/etc/doas.conf should both be
0, file permissions should be set to
# chown -c root:root /etc/doas.conf # chmod -c 0400 /etc/doas.conf
/etc/doas.conf for syntax errors, run:
# doas -C /etc/doas.conf && echo "config ok" || echo "config error"
/etc/doas.confis free of syntax errors!
To allow members of the
plugdev group to run smartctl without password as root user:
permit nopass :plugdev as root cmd /usr/bin/smartctl
The general syntax form of
permit|deny [options] identity [as target] [cmd command [args ...]]
For more details read.
Consider setting up tab completion for the doas command.
Tips and tricks
doas persist feature
doas provides a persist feature: after the user successfully authenticates, do not ask for a password again for some time. It is disabled by default, enable it with the
permit persist :wheel
Smooth transition sudo to doas
For a smooth transition from sudo to doas and to stay downward compatible, you could add to your environment:
alias sudo='doas' alias sudoedit='doas rnano'
Or alternatively, symlink doas to where sudo would normally be (does not provide):
# ln -s $(which doas) /usr/bin/sudo
AUR provides this symlink as well.