Doas - A lightweight alternative to sudo | Hund

Hund

Doas - A lightweight alternative to sudo

Thursday, February 4, 2021

I was recently made aware of doas, a simplified and lightweight alternative to sudo, which are two utilities to execute commands as another user. The most common use case for these utilities is to execute commands as the “super user” also known as the root user.

doas was originally written for OpenBSD, but are now ported to Linux, FreeBSD, NetBSD and illumos.

In terms of disk usage, the binary file for doas is about four times smaller than sudo on my computer with Gentoo and about 27 (!) times smaller on my computer with Alpine Linux (1216 KiB vs 44 KiB).

When it comes to the configuration, I would say it’s a bit more straightforward, but not enough to be a dealbreaker. In terms of functionality, it seems like doas have some features that sudo is currently lacking, like denying a user access to a specific command.

Example usage

To allow all users in the wheel group to gain access to root, add this to the configuration file /etc/doas.conf:

permit :wheel

Allow a user to execute a command without entering the password:

permit nopass <user> cmd <command>

Deny users access to commands (even if they’re in the wheel group):

deny <user> cmd <command>

Meta

Feedback

If you want to leave feedback, you can do so by either sending me a message via email, XMPP or via IRC.