← 返回命令列表

Linux command

doas 命令

文本

复制后可按需替换文件名、目录或参数。

常用示例

Run a command as root

doas [command]

Run a command as another user

doas -u [username] [command]

Start a root shell

doas -s

Start a shell as another user

doas -u [username] -s

Run without requiring password

doas -n [command]

Check if doas.conf

doas -C [/etc/doas.conf] [command]

Clear cached credentials

doas -L

说明

doas (dedicated openbsd application subexecutor) is a minimal program for running commands as another user, typically root. It originated in OpenBSD as a simpler, more secure alternative to sudo with a significantly smaller codebase and attack surface. Configuration is done through /etc/doas.conf with simple rules specifying who can run what. A basic rule might be: permit persist :wheel to allow members of the wheel group to execute commands as root with credential caching. The configuration syntax is straightforward: each line is a rule with permit or deny, optional keywords like nopass (no password), persist (cache credentials), keepenv (preserve environment), and specifications for user, group, and allowed commands. Unlike sudo's extensive feature set, doas focuses on the core use case of privilege escalation with minimal complexity. This makes it easier to audit and reduces potential security vulnerabilities. Many Linux distributions now package doas as a sudo alternative.

参数

-n
Non-interactive mode; fail if password is required.
-L
Clear any persisted authentication credentials.
-s
Execute the shell from SHELL environment variable or from /etc/passwd.
-u _user_
Run the command as the specified user (default: root).
-a _style_
Use the specified authentication style.
-C _config_
Parse and check the specified config file and exit.

FAQ

What is the doas command used for?

doas (dedicated openbsd application subexecutor) is a minimal program for running commands as another user, typically root. It originated in OpenBSD as a simpler, more secure alternative to sudo with a significantly smaller codebase and attack surface. Configuration is done through /etc/doas.conf with simple rules specifying who can run what. A basic rule might be: permit persist :wheel to allow members of the wheel group to execute commands as root with credential caching. The configuration syntax is straightforward: each line is a rule with permit or deny, optional keywords like nopass (no password), persist (cache credentials), keepenv (preserve environment), and specifications for user, group, and allowed commands. Unlike sudo's extensive feature set, doas focuses on the core use case of privilege escalation with minimal complexity. This makes it easier to audit and reduces potential security vulnerabilities. Many Linux distributions now package doas as a sudo alternative.

How do I run a basic doas example?

Run `doas [command]` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -n do in doas?

Non-interactive mode; fail if password is required.