OpenBSD Notes

Doas Configuration

See doas.conf(5) for more details.

This is a base configuration for all OpenBSD systems I use.

Rules are evaluated in a last-match manner: the last rule that matches the request determines the action taken.

permit persist :wheel
permit nopass keepenv root # allow root to do whatever
permit :wheel cmd reboot # relist command to ensure password is needed.
permit :wheel cmd halt
permit :wheel cmd poweroff

This can be further customized based on need.

Sourced from OpenBSD doas mastery.
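
The last-match behaviour, as an added example (not part of the original notes and not doas's own code): a simplified Python model of rule selection run against the configuration above. `alice` is a hypothetical wheel member, and `REORDERED` is a constructed counter-example showing that placing the broad `persist` rule last would cancel the password requirement for reboot.

```python
# Simplified model of doas.conf(5) rule selection (added example, not doas's parser).
# Not modelled: setenv, args, PATH lookup. No 'as'/'cmd' in a rule means any target/command.
OPTIONS = {"nopass", "nolog", "persist", "keepenv"}

def parse_rule(line):
    """Parse one rule line into a dict; return None for blank or comment lines."""
    tokens = line.split("#", 1)[0].split()
    if not tokens:
        return None
    rule = {"action": tokens[0], "options": set(), "target": None, "cmd": None}
    i = 1
    while tokens[i] in OPTIONS:
        rule["options"].add(tokens[i])
        i += 1
    rule["identity"] = tokens[i]
    rest = tokens[i + 1:]
    if "as" in rest:
        rule["target"] = rest[rest.index("as") + 1]
    if "cmd" in rest:
        rule["cmd"] = rest[rest.index("cmd") + 1]
    return rule

def matches(rule, user, groups, target, cmd):
    ident = rule["identity"]
    who = ident[1:] in groups if ident.startswith(":") else ident == user
    return who and rule["target"] in (None, target) and rule["cmd"] in (None, cmd)

def decide(conf, user, groups, cmd, target="root"):
    """Return (action, options) of the LAST matching rule; deny if none match."""
    result = ("deny", set())
    for line in conf.splitlines():
        rule = parse_rule(line)
        if rule and matches(rule, user, groups, target, cmd):
            result = (rule["action"], rule["options"])
    return result

# The configuration from these notes, verbatim.
PAGE_CONF = """\
permit persist :wheel
permit nopass keepenv root # allow root to do whatever
permit :wheel cmd reboot # relist command to ensure password is needed.
permit :wheel cmd halt
permit :wheel cmd poweroff
"""
# Constructed counter-example: the broad rule placed last overrides the cmd rule.
REORDERED = "permit :wheel cmd reboot\npermit persist :wheel\n"
if __name__ == "__main__":  # "alice" is a hypothetical wheel member
    for conf, cmd in ((PAGE_CONF, "reboot"), (PAGE_CONF, "pkg_add"), (REORDERED, "reboot")):
        print(cmd, decide(conf, "alice", {"wheel"}, cmd))
```

On a live system, `doas -C /etc/doas.conf reboot` prints which of permit, permit nopass or deny the real parser selects for the invoking user.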

Power Management

poweroff/shutdown: gracefully shut down the system

reboot/halt: kill the system immediately

Ports Usage

Most systems will be running release versions of OpenBSD.

Use packages unless ports are needed. If ports are needed, use -stable in order to get security fixes from the -current tree.

Add the following to /etc/mk.conf:

PORTS_PRIVSEP=YES
WRKOBJDIR=/usr/obj/ports
DISTDIR=/usr/distfiles
PACKAGE_REPOSITORY=/usr/packages

Create the directories above, then change their ownership to the local user and group, and make sure they are world-readable.

Also run the following commands:

mkdir -p ports src
chgrp wsrc ports src
chmod 775 ports src

Add the following lines to doas.conf and add SUDO=doas to /etc/mk.conf:

permit keepenv nopass toxic as _pbuild
permit keepenv nopass toxic as _pfetch

Add the user to the wsrc group: doas usermod -G wsrc toxic

Also add

Download the stable ports branch from AnonCVS:

cd /usr
cvs -qd anoncvs@anoncvs3.usa.openbsd.org:/cvs checkout -rOPENBSD_6_4 -P ports

To update after the initial checkout:

cd /usr/ports
cvs -q up -Pd -rOPENBSD_6_4

The default shell is ksh. Configuration goes in .profile.
