I see people talking about doas saying it’s just like sudo but with less features. I’m just wondering if there is any situation where you should use doas or if it’s just personal preference.
You must log in or register to comment.
doas, afaik, was originally made for FreeBSD, so some of its features aren’t compatible with/haven’t been implemented for Linux. That may or may not be an important issue for you to consider.
OpenBSD actually, but close
On the one hand, doas is simpler. Less code means less bugs, and lower chance someone manages to hack it and gain admin rights. On the other hand, sudo is more popular, and so has a lot more people double-checking its security. Ultimately, I don’t think it matters - when someone unauthorized gains admin rights, usually it’s not due to bug in sudo or doas, but other problems.
Well said. Check your firewalls, check your ssh config, liberally use user repositories, and always tip the guard (donate to GNU)
Doas has about 90% of features with 10% of code size of sudo.
And rdo/ssu have ~140 lines of C code. Anyone knows similiar?
You feel smarter… Yeah, that’s pretty much it.
Well, i believe in all showcased cases from people here, they are NOT replacing sudo entirely (Except if some are from BSD or if I’m incorrect with this assumption). They are just replacing their user habit with doas and use that command instead. In the end, all unix scripts or apps expect using sudo (If not, su) so… ### What’s even the need to ?
- Size : Installed on top of the already system present sudo.
- Security : Only perhaps if you made a sudo alias to doas (But since it isn’t entirely 1:1 identical, if anyone have a cleaner way of implementing that, I’m all hear)
- Simplicity : You now have two tools. A easy to use keycard, and a key. The second is more complicated to use, so you use it rarely but it’s still two tools instead of one.
- Less dependencies : Again, unless you can actually replace it ENTIRELY, it’s just an added tool (Still almost dependency free)
Really looking to corrections if i do some
BTW I use
pkexecWell, I use
sudo-rs, so…Security may be more likely to approve some users having doas, sudo is a no go in many restricted environment.
From what I hear, doas is more secure. I don’t think it matters though, as long as you keep your system updated. I use sudo still.
How is it more secure?
doas uses like 10MIB less of mem than sudo.
What’s the point of using MiB if you’re just gonna say “like” lol
Because it is not exactly 10MiB. Should have used about instead of like though.
I mean just say MB if you’re not being exact
MiB and MB are not the same thing. Just that many CLI tools in linux use MiB instead so I just got used to typing MiB lol.
The difference between MB and MiB is 24 kilobytes
My point is that if you’re already estimating, the difference is negligible
24 kibibytes. I dislike the annoying difference between kiB and kB, etc, etc as I also think in kB and MB as the binary values because that’s how I was taught for many years.
Again. If you’re not being accurate then theres no point jn being precise
Doas is more secure, sudo has had a few critical vulnerabilities in the past, because the codebase is much larger. Sudo has like a million features that most people don’t need, but they significantly increase attack surface.
Doas is more secure, sudo has had a few critical vulnerabilities in the past, because
… it’s newer. You wanted to say “it’s newer.” It has nowhere near the history, and looks better because it’s newer.
Please, now, trot out the “use sudo if you’re old” memes, because we grew that skin extra thick over the systemd counter-hate.
