D28483.diff
No OneTemporary
Actions

Size

1 KB

Referenced Files

None

Subscribers

None

D28483.diff
View Options

	diff --git a/documentation/content/en/books/handbook/security/_index.adoc b/documentation/content/en/books/handbook/security/_index.adoc
	--- a/documentation/content/en/books/handbook/security/_index.adoc
	+++ b/documentation/content/en/books/handbook/security/_index.adoc
	@@ -2125,3 +2125,26 @@
	====

	The `sudoreplay` is extremely extendable. Consult the documentation for more information.
	+
	+[[security-doas]]
	+As an alternative to package:security/sudo[] package:security/doas[] can be used to provide the ability for users to get enhanced privileges.
	+
	+The doas utility is available via the ports collection in package:security/doas[] or via the man:pkg[8] utility.
	+
	+After the installation [.filename]#/usr/local/etc/doas.conf# must be configured to grant access for users for specific commands, or roles.
	+
	+The simpliest entry could be the following, which grants local_user root permissions without asking for its password when executing the doas command.
	+
	+[source,bash]
	+....
	+permit nopass local_user as root
	+....
	+
	+For more configuration examples, please read man:doas.conf[5].
	+
	+After the installation and configuration of the `doas` utility, a command can now be executed with enhanced privileges, like for example.
	+
	+[source,bash]
	+....
	+$ doas vi /etc/rc.conf
	+....