What is DOAS?
doas is a utility, that can permit users to execute commands as root or as another user. Groups as well as users can be permitted to do.
Installing DOAS on FreeBSD.
# pkg install doas
The manual for doas is nice and simple.
# man doas.conf
Configuring DOAS.
In this example, I will configure doas to permit members of the wheel group to use the FreeBSD service command script, that can start and stop services, such as an nginx web server, without a password. This is a safe and trivial command to disable password requirement for.
# nano /usr/local/etc/doas.conf
permit nopass :wheel as root cmd service
If I wanted to limit, which arguments, that can be passed to the command, I could specifiy this with the args feature.
# nano /usr/local/etc/doas.conf
permit nopass :wheel as root cmd service args nginx onestart
Testing.
$ doas service nginx onestart
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx
Be aware, that doas requires, that the command is matched exactly. The following definition will not work.
# nano /usr/local/etc/doas.conf
permit nopass :wheel as root cmd /usr/sbin/service args nginx onestart
$ doas service nginx onestart
doas: Operation not permitted