0

doas is a sudo-like command recently packaged in Debian 12, Ubuntu Jammy (universe) and some other Linux distros.

A non sudoers user (doasuser) can be added to /etc/doas.conf to be granted root access. Detailed instructions on Debian Wiki.

Problem:

The doasuser isn't a member of any group. If you grant root access to doasuser, this information isn't synchronized with sudo (seen as unprivileged user). doas only comes with a binary program, a PAM configuration file and /etc/doas.conf.

Apart from /etc/doas.conf, a superuser can't find the permissions of the doasuser.

Is there any command line to check the permissions of doasuser?

Improve this question
2
  • 1
    I fail to parse the question 'check the permissions of doasuser seen as unprivileged by sudo?' or 'check permissions of a non sudoers user with full root access?' Commented Feb 9, 2024 at 11:29
  • 1
    If I understand it correctly, you just want to see what a given user can do with doas. sudo isn't really relevant to the question at all except in that doas is a vaguely a sudo-like tool. The mentions of sudo in the question are just confusing the issue. If you need to mention sudo at all, you probably just want the equivalent of sudo -l or sudo -lU <user> for doas Commented Feb 9, 2024 at 11:45

2 Answers 2

Reset to default
2

doas doesn’t provide a command to list all the privileges it grants to a given user; all you can do is check whether a given command is permitted for the current user:

doas -C /etc/doas.conf some command

will tell you if, given the settings in /etc/doas.conf, the current user would be allowed to run some command (and whether or not the user would be asked for a password to do so).

From the perspective of a “superuser”, this means that you’d need to switch to the doasuser’s identity, then run doas -C as above to check the privileges.

sudo and doas are separate tools, so it’s not surprising that sudo isn’t aware of doas configuration (and vice versa). You should really only use one on any given system.

Improve this answer
1

As far as I understood this question, there is a program named doas which can be used similar to sudo. The simple command that can be used to check if a user has root privileges is the following (in shell scripting):

if [ "$(id -u)" != "0" ]; then # the user is not root fi

The same above command can be used both for sudo, or doas.

Explanation: id is a command which is used to print real and effective user and group IDs; specifically, id -u prints only the effective user ID. If the user has root permissions, their effective ID will be 0.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.