Fix incorrect doas config.

Zhang Huangbin 2018-07-12 11:31:38 +02:00
parent 8bc5711257
commit 3387c0e863
2 changed files with 101 additions and 21 deletions

@ -1,6 +1,8 @@
# Setup sudo for cloud deployment
## What is `sudo`
[TOC]
## What is `sudo` (Linux) and `doas` (OpenBSD)
From [wikipedia](https://en.wikipedia.org/wiki/Sudo):
@ -21,14 +23,16 @@ From [wikipedia](https://en.wikipedia.org/wiki/Sudo):
> never requiring a password at all for a particular command line. It can also
> be configured to permit passing arguments or multiple commands.
## Setup sudo for iRedMail cloud deployment
OpenBSD uses its own sudo-like program for this purpose, it's called `doas`
which means *__execute commands as another user__*.
With the iRedMail cloud platform, you can deploy iRedMail by connecting to
target server via ssh as a non-privileged user (e.g. `ubuntu`) which is allowed
to run command as `root` with `sudo`.
target server (via ssh) as a non-privileged user (e.g. user `iredmail`) which
is allowed to run command as `root` with `sudo`.
Let's say you're going to connect as user `ubuntu`, steps to setup sudo for
`ubuntu` user:
## Linux: Setup sudo
Let's say you're going to connect as user `iredmail`:
* Run command `visudo` as root user.
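Review bot: The sentence following the new doas paragraph still ends "is allowed to run command as `root` with `sudo`", so for OpenBSD readers the introduction contradicts the paragraph just above it; it should read "with `sudo` (Linux) or `doas` (OpenBSD)". The example account also changes from `ubuntu` to `iredmail`, and nothing in the lines shown tells the reader to create that user or install its SSH key first, so either add that step or state that the account must already exist.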
@ -40,16 +44,51 @@ Let's say you're going to connect as user `ubuntu`, steps to setup sudo for
* Add lines below at the end, save your changes and quit `visudo`.
```
# Allow user `ubuntu` to run all commands without typing its own password.
ubuntu ALL=(ALL) NOPASSWD: ALL
# Allow user `iredmail` to run all commands without typing its own password.
iredmail ALL=(ALL) NOPASSWD: ALL
# We're going to connect without a real tty, below setting will speed up the
# iRedMail deployment process.
Defaults:ubuntu !requiretty
Defaults:iredmail !requiretty
```
To verify the sudo configuration, please login as user `iredmail` first, then run
command:
```
sudo ls /root/
```
If sudo is correctly configured, it will show you list of files under `/root`
directory.
## OpenBSD: Setup doas
Let's say you're going to connect as user `iredmail`.
Append line below to file `/etc/doas.conf` (if this file doesn't exist, please
create it manually):
```
permit nopass iredmail as root
```
To verify the sudo configuration, please login as user `iredmail` first, then run
command:
```
doas ls /root/
```
If sudo is correctly configured, it will show you list of files under `/root`
directory.
## References
* [sudo manual page](https://www.sudo.ws/man/1.8.3/sudo.man.html)
* [10 Useful Sudoers Configurations for Setting sudo in Linux](https://www.tecmint.com/sudoers-configurations-for-setting-sudo-in-linux/)
* [Difference Between su and sudo and How to Configure sudo in Linux](https://www.tecmint.com/su-vs-sudo-and-how-to-configure-sudo-in-linux/)
* Linux `sudo`:
* [sudo manual page](https://www.sudo.ws/man/1.8.3/sudo.man.html)
* [10 Useful Sudoers Configurations for Setting sudo in Linux](https://www.tecmint.com/sudoers-configurations-for-setting-sudo-in-linux/)
* [Difference Between su and sudo and How to Configure sudo in Linux](https://www.tecmint.com/su-vs-sudo-and-how-to-configure-sudo-in-linux/)
* OpenBSD `doas`:
* [doas(5) manual page](https://man.openbsd.org/doas.conf.5)
* [doas(1) manual page](https://man.openbsd.org/doas.1)
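Review bot: In the "OpenBSD: Setup doas" section, "To verify the sudo configuration" and "If sudo is correctly configured" are carried over from the Linux section and should say doas. Separately, `iredmail ALL=(ALL) NOPASSWD: ALL` and `permit nopass iredmail as root` both make the `iredmail` account equivalent to root with no password prompt, and the text never says so; add a sentence stating that, and recommend limiting the account to SSH key login and removing the rule once deployment has finished. The verification steps would also benefit from a syntax check before the root session is closed (`visudo -c` on Linux, `doas -C /etc/doas.conf` on OpenBSD), since `/etc/doas.conf` is edited by hand here without the validation `visudo` performs.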

@ -16,7 +16,18 @@
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="setup-sudo-for-cloud-deployment">Setup sudo for cloud deployment</h1>
<h2 id="what-is-sudo">What is <code>sudo</code></h2>
<div class="toc">
<ul>
<li><a href="#setup-sudo-for-cloud-deployment">Setup sudo for cloud deployment</a><ul>
<li><a href="#what-is-sudo-linux-and-doas-openbsd">What is sudo (Linux) and doas (OpenBSD)</a></li>
<li><a href="#linux-setup-sudo">Linux: Setup sudo</a></li>
<li><a href="#openbsd-setup-doas">OpenBSD: Setup doas</a></li>
<li><a href="#references">References</a></li>
</ul>
</li>
</ul>
</div>
<h2 id="what-is-sudo-linux-and-doas-openbsd">What is <code>sudo</code> (Linux) and <code>doas</code> (OpenBSD)</h2>
<p>From <a href="https://en.wikipedia.org/wiki/Sudo">wikipedia</a>:</p>
<blockquote>
<p>sudo is a program for Unix-like computer operating systems that allows users
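Review bot: The heading id changes from `what-is-sudo` to `what-is-sudo-linux-and-doas-openbsd`, so any existing link to `#what-is-sudo` stops resolving; check inbound links from other documents before merging, or keep the old id as an additional anchor. The top entry of the new TOC, like the `<h1>`, still reads "Setup sudo for cloud deployment" although the page now covers doas as well.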
@ -35,12 +46,13 @@ password per user or group; requiring re-entry of a password every time or
never requiring a password at all for a particular command line. It can also
be configured to permit passing arguments or multiple commands.</p>
</blockquote>
<h2 id="setup-sudo-for-iredmail-cloud-deployment">Setup sudo for iRedMail cloud deployment</h2>
<p>OpenBSD uses its own sudo-like program for this purpose, it's called <code>doas</code>
which means <em><strong>execute commands as another user</strong></em>.</p>
<p>With the iRedMail cloud platform, you can deploy iRedMail by connecting to
target server via ssh as a non-privileged user (e.g. <code>ubuntu</code>) which is allowed
to run command as <code>root</code> with <code>sudo</code>.</p>
<p>Let's say you're going to connect as user <code>ubuntu</code>, steps to setup sudo for
<code>ubuntu</code> user:</p>
target server (via ssh) as a non-privileged user (e.g. user <code>iredmail</code>) which
is allowed to run command as <code>root</code> with <code>sudo</code>.</p>
<h2 id="linux-setup-sudo">Linux: Setup sudo</h2>
<p>Let's say you're going to connect as user <code>iredmail</code>:</p>
<ul>
<li>
<p>Run command <code>visudo</code> as root user.</p>
@ -53,19 +65,48 @@ keyword.</p>
<p>Add lines below at the end, save your changes and quit <code>visudo</code>.</p>
</li>
</ul>
<pre><code># Allow user `ubuntu` to run all commands without typing its own password.
ubuntu ALL=(ALL) NOPASSWD: ALL
<pre><code># Allow user `iredmail` to run all commands without typing its own password.
iredmail ALL=(ALL) NOPASSWD: ALL
# We're going to connect without a real tty, below setting will speed up the
# iRedMail deployment process.
Defaults:ubuntu !requiretty
Defaults:iredmail !requiretty
</code></pre>
<p>To verify the sudo configuration, please login as user <code>iredmail</code> first, then run
command:</p>
<pre><code>sudo ls /root/
</code></pre>
<p>If sudo is correctly configured, it will show you list of files under <code>/root</code>
directory.</p>
<h2 id="openbsd-setup-doas">OpenBSD: Setup doas</h2>
<p>Let's say you're going to connect as user <code>iredmail</code>.</p>
<p>Append line below to file <code>/etc/doas.conf</code> (if this file doesn't exist, please
create it manually):</p>
<pre><code>permit nopass iredmail as root
</code></pre>
<p>To verify the sudo configuration, please login as user <code>iredmail</code> first, then run
command:</p>
<pre><code>doas ls /root/
</code></pre>
<p>If sudo is correctly configured, it will show you list of files under <code>/root</code>
directory.</p>
<h2 id="references">References</h2>
<ul>
<li>Linux <code>sudo</code>:<ul>
<li><a href="https://www.sudo.ws/man/1.8.3/sudo.man.html">sudo manual page</a></li>
<li><a href="https://www.tecmint.com/sudoers-configurations-for-setting-sudo-in-linux/">10 Useful Sudoers Configurations for Setting sudo in Linux</a></li>
<li><a href="https://www.tecmint.com/su-vs-sudo-and-how-to-configure-sudo-in-linux/">Difference Between su and sudo and How to Configure sudo in Linux</a></li>
</ul>
</li>
<li>OpenBSD <code>doas</code>:<ul>
<li><a href="https://man.openbsd.org/doas.conf.5">doas(5) manual page</a></li>
<li><a href="https://man.openbsd.org/doas.1">doas(1) manual page</a></li>
</ul>
</li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
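Review bot: In the References list, the Linux entry labelled "sudo manual page" links to the version-pinned path `man/1.8.3/sudo.man.html`, which documents the `sudo` command rather than the sudoers file the reader is told to edit with `visudo`. Point it at the sudoers manual for a current release, and make the change in the Markdown source so that this HTML is regenerated rather than edited by hand. The OpenBSD verification paragraphs in this file repeat the "sudo" wording from the Linux section and need the same regeneration once the source is corrected.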