SUBDO_ADD(8) System Manager's Manual SUBDO_ADD(8)


subdo_add - install programs so they run as separate users


subdo_add [-c communication] [-p package type] [-x] package[:suffix] ...


subdo_add installs packages and configures them to run as “sub” users with limited privileges. See subdo(7).
package arguments can be either subdo(5) format package directories, standard package files (in Slackware, rpm(5), or deb(5) format), or queries to a system package manager (the pkg_add(1), pkg-add(8), pacman(8), yum(8), apt-get(8), or brew(8) commands). The package format/manager can be chosen explicitly with -p and PACKAGES or inferred implicitly. See PACKAGES.
The program will be wrapped with doas(1), sudo(1), or ssh(1). This can be chosen explicitly with -c and COMMUNICATION or inferred implicitly. See COMMUNICATION.
Set the optional [:suffix] component to create separate instances of the same subdo-wrapped package. The executables from the package will be suffixed with a colon and then the suffix; for example, the command “subdo_add firefox firefox:malware firefox:librejs subdo_add firefox:nojs” exposes executables with respective names like ~/.subdo/usr/local/bin/firefox, ~/.subdo/usr/local/bin/firefox:malware, ~/.subdo/usr/local/bin/firefox:librejs, and ~/.subdo/usr/local/bin/firefox:nojs and with corresponding users like “tlevine_firefox”, “tlevine_firefox:malware”, “tlevine_firefox:librejs”, and “tlevine_firefox:nojs”. Nothing special about firefox is configured; you can run the separate executables to configure the separate profiles.


SUDO_USER
If the environment variable SUDO_USER is set, use its value as the super. sudo(1) appropriately sets this variable automatically. doas(1) and ssh(1) do not have an equivalent, so you should set it in their configuration files.
LOGNAME
If the environment variable SUDO_USER is not set, use LOGNAME as the super.
COMMUNICATION
This is the default inter-user communication method. See COMMUNICATION.
PACKAGES
If PACKAGES is set, use it as the default package manager. See PACKAGES for options.


-c communication
Use this as the inter-user communication method rather than COMMUNICATION. See COMMUNICATION.
-p package type
Override the setting (if any) in PACKAGES. See PACKAGES.
-x
Run “set -x” to print a trace to standard error.


subdo_add works with several package managers.

Package types

The package format/manager can be any of the following.
The subdo(5) package directory format, for programs that are not available in your package manager or that you want to configure further
OpenBSD package(5) through pkg_add(1) and pkg_info(1)
FreeBSD package(5) through pkg-add(8) and pkg-info(8)
NetBSD package(5) through pkg_add(1) and pkg_info(1)
apt-get(8) and dpkg-query(1)
deb(5) through dpkg(1) and dpkg-deb(1)
rpm(8) and yum(8); dnf(8) also works because it is backwards-compatible.
rpm(5) through rpm(8)
Slackware packages through installpkg(8), based on pkgtool(8)

Selection procedure

The package format/manager is chosen by this procedure.
  1. If -p is set, use its argument.
  2. If PACKAGES is set, use its value.
  3. If it is a subdo(5) package directory, use ‘subdo’ format.
  4. If dpkg(1) is available and the package is a file with name ending in ‘.deb’, use ‘dpkg’ format.
  5. If rpm(1) is available and the package is a file with name ending in ‘.rpm’, use ‘rpm’ format.
  6. If apt-get(8) is available, use ‘apt’ format.
  7. If yum(8) is available, use ‘yum’ format.
  8. If pkgtool(8) is available, use ‘slackware’ format.
  9. If pacman(8) is available, use ‘pacman’ format.
  10. Otherwise, exit with an error.
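
The selection procedure above, written out as a POSIX shell function. This is an added example, not code from subdo itself: the names have and select_package_type are hypothetical, and step 3 assumes that any directory counts as a subdo(5) package directory, since the real layout is defined in subdo(5).

```shell
#!/bin/sh
# Added example: the package type selection procedure from subdo_add(8).
# have() and select_package_type() are hypothetical names, not subdo's own.

# have CMD: succeed if CMD is found on PATH.
have() {
    command -v "$1" >/dev/null 2>&1
}

# select_package_type OPT_P PACKAGE
#   OPT_P    argument of -p, or empty if -p was not given
#   PACKAGE  package argument, with or without a :suffix
# Prints the chosen type; returns 1 if none applies (step 10).
select_package_type() {
    opt_p=$1
    pkg=${2%:*}    # the :suffix only names the instance, so strip it

    # Steps 1-2: explicit choices win over inference.
    if [ -n "$opt_p" ]; then echo "$opt_p"; return 0; fi
    if [ -n "${PACKAGES:-}" ]; then echo "$PACKAGES"; return 0; fi

    # Step 3. Assumption: any directory is treated as a subdo(5)
    # package directory; the real layout is defined in subdo(5).
    if [ -d "$pkg" ]; then echo subdo; return 0; fi

    # Steps 4-5: package files need both the file name and the tool.
    case $pkg in
        *.deb) if [ -f "$pkg" ] && have dpkg; then echo dpkg; return 0; fi ;;
        *.rpm) if [ -f "$pkg" ] && have rpm; then echo rpm; return 0; fi ;;
    esac

    # Steps 6-9: first available system package manager, in page order.
    if have apt-get; then echo apt; return 0; fi
    if have yum; then echo yum; return 0; fi
    if have pkgtool; then echo slackware; return 0; fi
    if have pacman; then echo pacman; return 0; fi

    # Step 10: nothing matched.
    echo "subdo_add: cannot determine package type for $2" >&2
    return 1
}
```

Because a ‘.rpm’ file only selects ‘rpm’ format when rpm is installed, the same argument on a host without rpm falls through to steps 6 to 9 and is treated as a package manager query.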


subdo_add can configure the inter-user communication methods below. If none is set in COMMUNICATION or with -c, then subdo_add will choose the first one that is available.
Wrap the program with doas(1), and update the file /etc/doas.conf.d/subdo-$SUPER in doas.conf(5) format.
Wrap the program with sudo(1), and update the file /etc/sudoers.d/subdo-$SUPER in sudoers(5) format.
Wrap the program with ssh(1), and concatenate ~$SUPER/.ssh/*.pub to create ~$SUB/.ssh/authorized_keys. Note that this communication method is not as developed as the others. First, the super user has full access to the sub users over ssh(1), rather than only having access to the executables of interest; this is usually fine, but it is different from how subdo_add configures doas(1) and sudo(1). Second, interactive terminal programs presently don't work over ssh(1).


subdo_delete(8), subdo(5), subdo-shell(1), subdo-utils(8), doas(1), doas.conf(5), sudo(1), sudoers(5), ssh(1), sshd(8), pw(8), useradd(8), usermod(8), groupadd(8), dscl(1), DirectoryServiceAttributes(7), setuid(2)


The subdo utility exits 0 on success, and >0 if an error occurs.
February 28, 2018 OpenBSD 6.2