2 > a portable version of OpenBSD's `doas` command
4 `doas` is a minimal replacement for the venerable `sudo`. It was initially [written by Ted Unangst](http://www.tedunangst.com/flak/post/doas) of the OpenBSD project to provide 95% of the features of `sudo` with a fraction of the codebase.
6 This fork insults you, similar to how `sudo` can. To enable, add the "insult" option to your `doas.conf`
8 ## Building and installation discouragements
9 There are a few steps you have to carefully consider before building and installing opendoas:
11 * There are less eyes on random doas ports, just because sudo had a vulnerability does not mean random doas ports are more secure if they are not reviewed.
12 * Use the configure script.
13 * Use the default make target.
16 This is not an official port/project from OpenBSD!
18 As much as possible I've attempted to stick to `doas` as tedu desired it. As things stand it's essentially just code lifted from OpenBSD with shadow based authentication glommed on to it.
20 Compatibility functions in libopenbsd come from openbsd directly (`strtonum.c`, `reallocarray.c`, `strlcpy.c`, `strlcat.c`), from openssh (`readpassphrase.c`) or from sudo (`closefrom.c`).
22 The shadow authentication code does not come from the OpenBSD project.
24 ### Persist/Timestamp/Timeout
25 The persist feature is disabled by default and can be enabled with the configure flag `--with-timestamp`.
27 This feature is new and potentially dangerous, in the original doas, a kernel API is used to set and clear timeouts. This API is openbsd specific and no similar API is available on other operating systems.
29 As a workaround, the persist feature is implemented using timestamp files similar to sudo.
31 See the comment block in `timestamp.c` for an in-depth description on how timestamps are created and checked to be as safe as possible.