{"id":50491206,"url":"https://github.com/doas-utils/doasudo","last_synced_at":"2026-06-02T03:01:02.994Z","repository":{"id":359451211,"uuid":"1179176739","full_name":"doas-utils/doasudo","owner":"doas-utils","description":"A POSIX shell shim that translates sudo(8) invocations to doas(1)","archived":false,"fork":false,"pushed_at":"2026-05-31T20:57:51.000Z","size":348,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-31T22:21:08.602Z","etag":null,"topics":["doas","posix","shell","shim","sudo"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/doas-utils.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-11T19:08:08.000Z","updated_at":"2026-05-31T20:57:55.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/doas-utils/doasudo","commit_stats":null,"previous_names":["doas-utils/doas-sudo-shim","doas-utils/doasudo"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/doas-utils/doasudo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doas-utils%2Fdoasudo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doas-utils%2Fdoasudo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doas-utils%2Fdoasudo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/repositories/doas-utils%2Fdoasudo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/doas-utils","download_url":"https://codeload.github.com/doas-utils/doasudo/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doas-utils%2Fdoasudo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33803734,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["doas","posix","shell","shim","sudo"],"created_at":"2026-06-02T03:00:58.764Z","updated_at":"2026-06-02T03:01:02.986Z","avatar_url":"https://github.com/doas-utils.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# doasudo\n\nA POSIX shell shim that translates `sudo(8)` invocations to `doas(1)`, with full option coverage, POSIX-safe argument parsing, and security hardening. 
Drop it in as `sudo` on systems where doas is the privilege escalation tool; scripts that call `sudo` (mostly) work without modification.\n\nInspired by [jirutka/doas-sudo-shim](https://github.com/jirutka/doas-sudo-shim) (if you don't need edit-mode support and want a minimal translation layer, consider this as an option).\n\nCompatibility: Linux, FreeBSD, OpenBSD, NetBSD, DragonFly BSD, macOS\n\n---\n\n## Supported options\n\n| sudo option | Notes |\n|-------------|-------|\n| `-u USER` | passed through to doas |\n| `-n` | passed through to doas |\n| `-H` | sets `HOME` to the target user's passwd entry |\n| `-i` | login shell via target user's passwd entry |\n| `-s` | shell via `$SHELL` or invoking user's passwd entry |\n| `-e` / `sudoedit` / `editas` | edit mode for unprivileged invokers; see below |\n| `-k` | clears doas auth (`doas -L`); with a command, runs it afterward |\n| `-K` | clears doas auth (`doas -L`); no command or other options permitted |\n| `-l` | prints a \"not supported\" notice |\n| `-v` | validates via `doas true` (honors `-n`/`-u`); best-effort, fails closed |\n| `-E`, `-A`, `-S`, `-D`, `-R` | warned and ignored |\n| `-b`, `-g` | fatal; see `sudo --help` for rationale |\n\n`SUDO_UID`, `SUDO_GID`, `SUDO_USER`, `SUDO_HOME`, and `SUDO_TTY` are set for the target process. The shim provides no support for `SUDO_COMMAND`; programs in the shim call stack will see it unset.\n\n### `doas.conf` requirement\n\nThe shim requires a broad, non-`cmd`-scoped doas rule. For example:\n\n```\npermit :wheel\n```\n\nRestrictive `cmd`-scoped rules are not supported. 
For instance, granting edit mode under one requires adding unrestricted shell access; use doas directly with a narrowly scoped editor rule instead.\n\n---\n\n## Edit mode\n\nWhen invoked as `sudo -e`, `sudoedit`, or `editas`, the shim copies target files to a temporary directory owned by the invoking user, runs the editor unprivileged, then writes back any changed files as the privileged user.\n\nEach file is processed in a separate editor session and written back independently, unlike real `sudoedit(8)`, which opens all files at once. For the common single-file case the behavior is identical.\n\nThe editor is taken from `$SUDO_EDITOR`, `$VISUAL`, `$EDITOR`, or `vi`. It must be a *single absolute path* (no spaces, tabs, or flags). To pass options to the editor (e.g. `vim -u NONE`), use a wrapper script:\n\n```sh\n#!/bin/sh\n# /usr/local/bin/vim-sudoedit\nexec /usr/bin/vim -u NONE \"$@\"\n```\n\nThen set `SUDO_EDITOR=/usr/local/bin/vim-sudoedit`. See `sudo --help`.\n\nEdit mode can be opted out at build time (see [Installation](#installation)).\n\n### `editas`\n\nThe shim installs `editas` alongside `sudoedit`. The name `doasedit` already exists in the wild, but `editas` mirrors doas naming better: *edit as [user]*.\n\n### Restrictions\n\n- Symbolic links may not be edited.\n- Files in a user-writable directory may not be edited.\n- Device files may not be edited.\n- Edit mode may not be invoked by root.\n\n### Security model\n\nTwo attack families in edit mode are in scope. *Symlink substitution:* an attacker replaces a path component or the target with a symlink, so the privileged write-back lands on the wrong file. *Temp-file substitution:* the unprivileged working copy is replaced or modified during the edit session so unexpected content reaches the real target during privileged write-back. 
A set of mitigations address these; the full security model is documented in the `SECURITY NOTE` at the top of `doasudo.in`.\n\n### Optional (paranoid) edit-mode broker\n\nThe default edit mode does not prevent same-UID exposure for the lifetime of the editor session. An optional broker keeps the working copy and editor policy outside the invoking user's tree, and returns edited bytes through a framed protocol; privileged write-back is unchanged. Enable with `DOASUDO_EDIT_BROKER=1`; for installation and security details see: [broker/README.md](broker/README.md).\n\n### Optional diffs before saving changes\n\nSetting `DOASUDO_CONFIRM_DIFF=1` in the environment will show a unified diff and require confirmation before each write-back. Without an interactive TTY (or with `-n`), edit mode exits.\n\n---\n\n## Installation\n\n```sh\nmake                           # full test suite, then build shim (run as a normal user)\ndoas make install              # live prefix, default /usr/local\nmake install PREFIX=/usr       # custom PREFIX (still elevated if under system paths)\nmake install DESTDIR=/tmp/pkg  # staged install (no host post-install folded)\n```\n\n`make install` installs files only; it does not run the test suite (run `make` first). On a live install as root with empty `DESTDIR`, the Makefile tail-invokes `post-install` (broker user + staging `chown`). Otherwise run `make post-install` (or the shipped `post-install.sh`) after unpack / from `%post`, then merge `doas-snippet.conf` into `/etc/doas.conf`. See [packaging/README.md](packaging/README.md).\n\nTo build a shim without edit-mode support, use `make EDIT_MODE=0` and `make EDIT_MODE=0 install`. 
This omits `sudoedit`/`editas`, edit-mode code, and edit-broker artifacts; `sudo -e` still parses but exits with a feature-not-built error.\n\n## Uninstall\n\n```sh\nmake uninstall\n```\n\nSee [packaging/README.md](packaging/README.md) for what is removed and how removal is validated.\n\n---\n\n## Testing\n\nMain test entry points:\n\n```sh\nmake check-src  # test shim and broker from source; skips the final rebuild step a full `make` does\nmake            # full test suite and shim build (run before privileged install)\n```\n\nFor per-test details and docker images, see [tests/README.md](tests/README.md).\n\nIf the test suite cannot run in your environment, build with `make doasudo` and install files to match a normal `make install` layout (the shim expects `shim-utils.sh` under `$(PREFIX)/libexec/doasudo/`; with edit mode enabled, it also expects `edit-broker-client.sh`, the broker, and contracts beside it). When using `DESTDIR` for a staged install, run `make` (or `make check-src`) on a host similar to the deployment target first. See [packaging/README.md](packaging/README.md).\n\n---\n\n## Development\n\nDesign and architecture by [p-zubieta](https://github.com/p-zubieta). Parts of the codebase were written with the help of AI coding assistants. All changes were reviewed and tested by the maintainers.\n\n---\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoas-utils%2Fdoasudo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdoas-utils%2Fdoasudo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoas-utils%2Fdoasudo/lists"}