I see people talking about doas saying it’s just like sudo but with less features. I’m just wondering if there is any situation where you should use doas or if it’s just personal preference.
You must log in or register to comment.
On the one hand, doas is simpler. Less code means less bugs, and lower chance someone manages to hack it and gain admin rights. On the other hand, sudo is more popular, and so has a lot more people double-checking its security. Ultimately, I don’t think it matters - when someone unauthorized gains admin rights, usually it’s not due to bug in sudo or doas, but other problems.
Well said. Check your firewalls, check your ssh config, liberally use user repositories, and always tip the guard (donate to GNU)
doas, afaik, was originally made for FreeBSD, so some of its features aren’t compatible with/haven’t been implemented for Linux. That may or may not be an important issue for you to consider.
OpenBSD actually, but close
I use doas just because. It’s not necessary at all, but it can’t hurt either (I think). It might be a bit more secure (fewer features -> fewer code -> fewer bugs -> fewer vulnerabilities, need to give password more often). Kinda cool if you want more minimalism for fun (I replaced startx with sx…)
You can change the config so you don’t need to give the password every time.
Adding the persist option only requires it once every few minutes within a terminal session.
https://manpages.debian.org/bullseye/doas/doas.conf.5.en.html#persist
Yeah. I like the config file being really easy to set up… permit persist user permit nopass user cmd poweroff permit otheruser cmd [whatever]
Doas is more secure, sudo has had a few critical vulnerabilities in the past, because the codebase is much larger. Sudo has like a million features that most people don’t need, but they significantly increase attack surface.
Doas is more secure, sudo has had a few critical vulnerabilities in the past, because
… it’s newer. You wanted to say “it’s newer.” It has nowhere near the history, and looks better because it’s newer.
Please, now, trot out the “use sudo if you’re old” memes, because we grew that skin extra thick over the systemd counter-hate.
From what I hear, doas is more secure. I don’t think it matters though, as long as you keep your system updated. I use sudo still.
It’s really only more secure in the sense that in general more complicated programs have more things that can go wrong with them. Either bugs, or just user error.
That is a valid concern, and most people don’t need or use any of sudo’s extra features, so it’s completely reasonable to switch to doas because of that, but it’s not like there’s some glaring security flaw in sudo that most people really need to worry about. Especially if they’re not doing weird things in the config, which would mostly be the same people who could easily switch to doas anyway.
Thank you I think I will stick with sudo.
Well, i believe in all showcased cases from people here, they are NOT replacing sudo entirely (Except if some are from BSD or if I’m incorrect with this assumption). They are just replacing their user habit with doas and use that command instead. In the end, all unix scripts or apps expect using sudo (If not, su) so… ### What’s even the need to ?
- Size : Installed on top of the already system present sudo.
- Security : Only perhaps if you made a sudo alias to doas (But since it isn’t entirely 1:1 identical, if anyone have a cleaner way of implementing that, I’m all hear)
- Simplicity : You now have two tools. A easy to use keycard, and a key. The second is more complicated to use, so you use it rarely but it’s still two tools instead of one.
- Less dependencies : Again, unless you can actually replace it ENTIRELY, it’s just an added tool (Still almost dependency free)
Really looking to corrections if i do some
I just use doas because sudo has a bunch of features i don’t care about or use, and doas does everything i need while being significantly smaller.
Less lines of code needed means less chances of errors and potential vulnerabilities (if number and quality of eyeballs were the same)
Also only really applies if you are comparing programs in the same programming language as some programs have lines that are significantly more expressive than others. Conversely, some languages have constructs that are significantly more bug-prone than others (e.g. for loops with explicit integer indices instead of higher order functions like map or iterators to iterate over a collection).
Sure, I was just speaking in general.
No, but it’s cleaner and designed for my usecase, and no real work to setup for me, all I had to do was add an alias
deleted by creator
doas uses like 10MIB less of mem than sudo.
Security may be more likely to approve some users having doas, sudo is a no go in many restricted environment.
BTW I use
pkexecI just have a root terminal on the side.
Well, I use
sudo-rs, so…
