_______ _ _ _______ __ __ _______ _______ __ _ |______ | | |______ \_/ |_____| |_____| | \ | ______| |_____| | | | | | | | \_|
sf.me > Blog > Use Doas Instead Of Sudo
Posted on: 20 April 2023
Reading time: 2 min Category: Linux && Software && Guides
Sudo. It is often used by Linux users to perform commands with root privileges instead of being in a root shell all the time. However, there has recently been a vulnerability in sudo due to which people are switching to doas.
OpenDoas or Doas is a portable version of the doas utility that is used on OpenBSD. OpenDoas can be installed on Unix-like system which includes Linux. It is designed to be more minimal and has less configuration options than sudo. If you are on a personal computer, then I highly recommend you switch to doas because it has a much smaller codebase which leaves less room for error.
However, if you are part of a professional environment with many individuals needing to use sudo, I recommend staying with sudo because it offers more configuration options to be used for groups and users.
Doas is available on almost all major distributions. If your distribution is Debian-based (Ubuntu, Linux Mint, Zorin OS), simply type:
sudo apt install doas
If you run an Arch-based system (Artix, Arco, Endeavour, Manjaro), type:
sudo pacman -S opendoas
If you use RHEL-based systems (Fedora, CentOS), type:
sudo dnf install opendoas
Doas should now be installed but it will not work out of the box. There is one line that we need to add to the configuration file.
You have to configure doas as it is not included in most distributions by default but do not fret! One of its plus points is that its configuration is much better than sudo's.
To begin, edit the /etc/doas.conf file as root.
If you are the only user on your system and do not plan to allow other users to use your system, this line will suffice.
permit persist username as root
Many distributions have a group (wheel, sudoers) that are allowed to run sudo commands. If you would like to allow that group to send commands as root, type this:
permit persist :wheel as root
Using doas is incredibly simple. Just type doas instead of sudo. For example, if you usually type:
sudo pacman -Syu
then just type:
doas pacman -Syu
I also recommend aliasing doas to 'doas --' since it causes issues sometimes if you just use doas. Apart from that, this is it for the setup.
If you are the only person on your Linux machine, you should switch to doas. It is much more lightweight and is similar to sudo. It has a smaller codebase which, in my opinion, prevents exploits from popping up as often as sudo.
However, if you are in a professional environment, you should stick with sudo.