Hund

Doas - A lightweight alternative to sudo

February 4, 2021

I was recently made aware of doas, a simplified and lightweight alternative to sudo, which are two utilities to execute commands as another user. The most common use case for these utilities is to execute commands as the “super user” also known as the root user.

doas was originally written for OpenBSD, but are now ported to Linux, FreeBSD, NetBSD and illumos.

In terms of disk usage, the binary file for doas is about four times smaller than sudo on my computer with Gentoo and about 27 (!) times smaller on my computer with Alpine Linux (1216 KiB vs 44 KiB).

When it comes to the configuration, I would say it’s a bit more straightforward, but not enough to be a dealbreaker. In terms of functionality, it seems like doas have some features that sudo is currently lacking, like denying a user access to a specific command.

Example usage

To allow all users in the wheel group to gain access to root, add this to the configuration file /etc/doas.conf:

permit :wheel

Allow a user to execute a command without entering the password:

permit nopass <user> cmd <command>

Deny users access to commands (even if they’re in the wheel group):

deny <user> cmd <command>

Meta

No Comments

Use the e-mail form, if you wish to leave feedback for this post. Markdown is supported. [Terms of service]