diff --git a/en_US/cloud-platform/cloud-platform.setup.sudo.md b/en_US/cloud-platform/cloud-platform.setup.sudo.md index 52271a5e..4cdae9c2 100644 --- a/en_US/cloud-platform/cloud-platform.setup.sudo.md +++ b/en_US/cloud-platform/cloud-platform.setup.sudo.md @@ -1,6 +1,8 @@ # Setup sudo for cloud deployment -## What is `sudo` +[TOC] + +## What is `sudo` (Linux) and `doas` (OpenBSD) From [wikipedia](https://en.wikipedia.org/wiki/Sudo): @@ -21,14 +23,16 @@ From [wikipedia](https://en.wikipedia.org/wiki/Sudo): > never requiring a password at all for a particular command line. It can also > be configured to permit passing arguments or multiple commands. -## Setup sudo for iRedMail cloud deployment +OpenBSD uses its own sudo-like program for this purpose, it's called `doas` +which means *__execute commands as another user__*. With the iRedMail cloud platform, you can deploy iRedMail by connecting to -target server via ssh as a non-privileged user (e.g. `ubuntu`) which is allowed -to run command as `root` with `sudo`. +target server (via ssh) as a non-privileged user (e.g. user `iredmail`) which +is allowed to run command as `root` with `sudo`. -Let's say you're going to connect as user `ubuntu`, steps to setup sudo for -`ubuntu` user: +## Linux: Setup sudo + +Let's say you're going to connect as user `iredmail`: * Run command `visudo` as root user. @@ -40,16 +44,51 @@ Let's say you're going to connect as user `ubuntu`, steps to setup sudo for * Add lines below at the end, save your changes and quit `visudo`. ``` -# Allow user `ubuntu` to run all commands without typing its own password. -ubuntu ALL=(ALL) NOPASSWD: ALL +# Allow user `iredmail` to run all commands without typing its own password. +iredmail ALL=(ALL) NOPASSWD: ALL # We're going to connect without a real tty, below setting will speed up the # iRedMail deployment process. -Defaults:ubuntu !requiretty +Defaults:iredmail !requiretty ``` +To verify the sudo configuration, please login as user `iredmail` first, then run +command: + +``` +sudo ls /root/ +``` + +If sudo is correctly configured, it will show you list of files under `/root` +directory. + +## OpenBSD: Setup doas + +Let's say you're going to connect as user `iredmail`. + +Append line below to file `/etc/doas.conf` (if this file doesn't exist, please +create it manually): + +``` +permit nopass iredmail as root +``` + +To verify the sudo configuration, please login as user `iredmail` first, then run +command: + +``` +doas ls /root/ +``` + +If sudo is correctly configured, it will show you list of files under `/root` +directory. + ## References -* [sudo manual page](https://www.sudo.ws/man/1.8.3/sudo.man.html) -* [10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux](https://www.tecmint.com/sudoers-configurations-for-setting-sudo-in-linux/) -* [Difference Between su and sudo and How to Configure sudo in Linux](https://www.tecmint.com/su-vs-sudo-and-how-to-configure-sudo-in-linux/) +* Linux `sudo`: + * [sudo manual page](https://www.sudo.ws/man/1.8.3/sudo.man.html) + * [10 Useful Sudoers Configurations for Setting ‘sudo’ in Linux](https://www.tecmint.com/sudoers-configurations-for-setting-sudo-in-linux/) + * [Difference Between su and sudo and How to Configure sudo in Linux](https://www.tecmint.com/su-vs-sudo-and-how-to-configure-sudo-in-linux/) +* OpenBSD `doas`: + * [doas(5) manual page](https://man.openbsd.org/doas.conf.5) + * [doas(1) manual page](https://man.openbsd.org/doas.1) diff --git a/html/cloud-platform.setup.sudo.html b/html/cloud-platform.setup.sudo.html index fd91acb2..82517417 100644 --- a/html/cloud-platform.setup.sudo.html +++ b/html/cloud-platform.setup.sudo.html @@ -16,7 +16,18 @@ iRedMail // Document Index
sudo
sudo
(Linux) and doas
(OpenBSD)From wikipedia:
-sudo is a program for Unix-like computer operating systems that allows users @@ -35,12 +46,13 @@ password per user or group; requiring re-entry of a password every time or never requiring a password at all for a particular command line. It can also be configured to permit passing arguments or multiple commands.
OpenBSD uses its own sudo-like program for this purpose, it's called doas
+which means execute commands as another user.
With the iRedMail cloud platform, you can deploy iRedMail by connecting to
-target server via ssh as a non-privileged user (e.g. ubuntu
) which is allowed
-to run command as root
with sudo
.
Let's say you're going to connect as user ubuntu
, steps to setup sudo for
-ubuntu
user:
iredmail
) which
+is allowed to run command as root
with sudo
.
+Let's say you're going to connect as user iredmail
:
Run command visudo
as root user.
Add lines below at the end, save your changes and quit visudo
.
# Allow user `ubuntu` to run all commands without typing its own password.
-ubuntu ALL=(ALL) NOPASSWD: ALL
+# Allow user `iredmail` to run all commands without typing its own password.
+iredmail ALL=(ALL) NOPASSWD: ALL
# We're going to connect without a real tty, below setting will speed up the
# iRedMail deployment process.
-Defaults:ubuntu !requiretty
+Defaults:iredmail !requiretty
+To verify the sudo configuration, please login as user iredmail
first, then run
+command:
+sudo ls /root/
+
+
+If sudo is correctly configured, it will show you list of files under /root
+directory.
+OpenBSD: Setup doas
+Let's say you're going to connect as user iredmail
.
+Append line below to file /etc/doas.conf
(if this file doesn't exist, please
+create it manually):
+permit nopass iredmail as root
+
+
+To verify the sudo configuration, please login as user iredmail
first, then run
+command:
+doas ls /root/
+
+
+If sudo is correctly configured, it will show you list of files under /root
+directory.
References