diff --git a/src/config/users-and-groups.md b/src/config/users-and-groups.md index bbf143cb..7ce72125 100644 --- a/src/config/users-and-groups.md +++ b/src/config/users-and-groups.md @@ -26,23 +26,44 @@ $ chsh -s `` must be the path to the shell as specified by `/etc/shells` or the output of `chsh -l`, which provides a list of installed shells. -## sudo +## Superuser Access -[sudo(8)](https://man.voidlinux.org/sudo.8) is installed by default, but might -not be configured appropriately for your needs. It is only necessary to -configure sudo if you wish to use it. +By default, Void includes the [`su(1)`](https://man.voidlinux.org/man1/su.1) +privilege escalation tool. Users may wish to install and configure a more +featureful alternative. -Use [visudo(8)](https://man.voidlinux.org/visudo.8) as root to edit the -[sudoers(5)](https://man.voidlinux.org/sudoers.5) file. +### sudo -To create a superuser, uncomment the line +[sudo(8)](https://man.voidlinux.org/sudo.8) is commonly used, and is highly +complex. The default configuration only allows the `root` user to run privileged +commands. + +To configure sudo, use [visudo(8)](https://man.voidlinux.org/visudo.8) as root +to edit the [sudoers(5)](https://man.voidlinux.org/sudoers.5) file. + +To create a superuser, uncomment the line: ``` -#%wheel ALL=(ALL) ALL +# %wheel ALL=(ALL) ALL ``` and add users to the `wheel` group. +### opendoas + +[doas(1)](https://man.voidlinux.org/man1/doas.1) is an alternative privilege +escalation tool, developed for OpenBSD and ported to Linux. + +To configure basic superuser access, create `/etc/doas.conf` as root with the +contents: + +``` +permit :wheel +``` + +and add users to the `wheel` group. For more complex configuration, see +[doas.conf(5)](https://man.voidlinux.org/man5/doas.conf.5). + ## Default Groups Void Linux defines a number of groups by default. diff --git a/src/installation/guides/chroot.md b/src/installation/guides/chroot.md index 0104c8be..0ea5b3ed 100644 --- a/src/installation/guides/chroot.md +++ b/src/installation/guides/chroot.md @@ -188,10 +188,10 @@ For glibc builds, generate locale files with: ### Set a Root Password -[Configure at least one super user account](../../config/users-and-groups.md). -Other user accounts can be configured later, but there should either be a root -password, or a new user account with [sudo(8)](https://man.voidlinux.org/sudo.8) -privileges. +[Configure at least one user account](../../config/users-and-groups.md). Other +user accounts can be configured later, but there should either be a root +password or a user account with [superuser +privileges](../../config/users-and-groups.md#superuser-access). To set a root password, run: @@ -199,6 +199,8 @@ To set a root password, run: [xchroot /mnt] # passwd ``` +Otherwise, install and configure a superuser access tool. + ### Enable services Services can be [enabled](../../config/services/index.md#enabling-services) diff --git a/src/installation/live-images/guide.md b/src/installation/live-images/guide.md index 780f54a4..5ffa22ef 100644 --- a/src/installation/live-images/guide.md +++ b/src/installation/live-images/guide.md @@ -70,19 +70,27 @@ Select your timezone based on standard timezone options. ## Root password Enter and confirm your `root` password for the new installation. The password -will not be shown on screen. +will not be shown on screen. This is not required if configuring superuser +access with `sudo` or `opendoas`. ## User account Choose a login (default `void`) and a descriptive name for that login. Then enter and confirm the password for the new user. You will then be prompted to -verify the groups for this new user. They are added to the `wheel` group by -default and will have `sudo` access. Default groups and their descriptions are -listed [here](../../config/users-and-groups.md#default-groups). +verify the groups for this new user. This user will be given superuser access if +`sudo` or `opendoas` is selected for superuser access. Default groups and their +descriptions are listed [here](../../config/users-and-groups.md#default-groups). Login names have some restrictions, as described in [useradd(8)](https://man.voidlinux.org/useradd.8#CAVEATS). +## Superuser Access + +Choose a tool to use for [superuser +access](../../config/users-and-groups.md#superuser-access). Choosing `su` (the +default), requires setting the root password. Choosing `sudo` or `opendoas` +requires setting up a user account. + ## Bootloader Select the disk to install a bootloader on when Void is installed. You may