sudo or doas

[rafael_grether]

Good point, Sir Dice!
You're right!

When OpenBSD 5.8 was released, was announced the replacement of sudo by doas.
Because it is much simpler, minimalistic. But nothing was said about security.

But OpenBSD is "paranoid" about security, so I don't think there's any reason for me to worry about that.

In fact, I never had to use all complexities of sudo. For the web manager, permissions to manipulate apache/php services, and so on.

 

[drhowarddrfine]

due to a recent security issue in sudo (CVE-2019-14287) that was widely exploited in the wild, and the proof of concept only requires a simple command line

Isn't that like a three-year old issue that was fixed even then?

 

[grahamperrin]

☑ something else (what)

Three things:

1. Control-Alt-F2, ttyv1 login as root, switch to my desktop environment with Alt-F9, to-and-fro between the two
2. su -
3. sudo ⋯

Superuser aside, I sometimes also ttyv4 login as grahamperrin without a desktop environment, then again to-and-fro. ttyv4 because F5 and F9 are nicely separated on the type of extended keyboard that I most often use. So, it's like:

• index finger = my console
• little finger = my desktop environment

– without looking at the keyboard.

Yes, yes. I've got a billion servers.

All running FreeBSD, of course. Then, put a desktop environment on just one of them, and be told that you're hindering development of a server-only operating system.

 

[drr]

I voted 'something else (what)'.

I use su - to become root whenever needed. I have used sudo a lot in the past, in my linux days, but now I have got used to using su -. I have not used doas so far; I will give it a try someday.

 

[hruodr]

BTW, I do normally su, but in the meantime I use doas for typing some commands,
but only for doing things faster, it is not a principle. Doas and not sudo because
it is easier to configure, I never saw the need of these commands.

 

[dbdemon]

For my own very modest requirements I think su is sufficient.

 

[john_rambo]

I had used doas under OpenBSD. Before reading this thread I had the wrong idea that doas belongs to OpenBSD. I use sudo under both FreeBSD & Linux.

 

[ralphbsz]

Before reading this thread I had the wrong idea that doas belongs to OpenBSD.

It does. Doas was developed in OpenBSD, and first used there. It has since been ported to other OSes; I use it on FreeBSD and on (Raspberry Pi) Linux. One of its important features only works in OpenBSD, namely remembering for 5 minutes that the user has entered their password.

Why do I use doas? Mostly because the config file is simple, yet expressive. I can adjust "who can do what" easily and intuitively.