You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2022-09-02 14:07:42
- Excalibur
- Member
- Registered: 2019-03-07
- Posts: 15
Replacing sudo.
OpenBSD has replaced sudo from its default install with doas. This utility is available in Devuan's package repositories. Once installed you create an /etc/doas.conf file with the needed commands you wish to run as root. An example is given below:-
permit nopass username as root cmd /sbin/shutdown
To run the command just type, doas /sbin/shutdown -r now.
Further examples can be found at the bottom of the doas.conf man page.
So, to install doas do the following: aptitude purge sudo ; aptitude install doas (use your preferred package manager)
There may be a caveat in using doas, some heavyweight desktop environments may have a dependency on sudo, so check this out before you try doas. I think you will find doas has a cleaner syntax than sudo and I have found it to be more flexible for my needs.
Offline
#2 2022-09-02 17:06:59
- Camtaf
- Member
- Registered: 2019-11-19
- Posts: 436
Re: Replacing sudo.
It was introduced because a lot of admins had problems configuring sudo properly, & it has a lot less options, which makes it easier.
They introduced doas just after I finally got around to buying Sudo Mastery, just my luck. 
Offline
#3 2022-09-02 17:15:53
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Replacing sudo.
The creator of doas explains their reasons here:
Brianna Ghey — Rest In Power
Offline
#4 2022-09-03 16:03:09
- chris2be8
- Member
- Registered: 2018-08-11
- Posts: 306
Re: Replacing sudo.
So, to install doas do the following: aptitude purge sudo ; aptitude install doas (use your preferred package manager)
Or better:
aptitude install doas
Check doas works and does everything you need!
aptitude purge sudo
Now check if everything still works. Eg does the menu option to shut down the system need sudo?
I've spend too many years installing software to risk cutting myself off.
Offline
#5 2022-09-03 18:42:05
- brocashelm
- Member
- Registered: 2020-06-29
- Posts: 114
Re: Replacing sudo.
The creator of doas explains their reasons here:
I've been listening to some of Ted Unangst's talks. He's very thorough about his approach to improving code.
Anyway, I've been playing around with doas and actively considering installing OpenBSD on the side. I like the more minimalist, no-hands-held environment.
Last edited by brocashelm (2022-09-03 18:42:26)
Offline
#6 2022-09-04 09:40:27
- Camtaf
- Member
- Registered: 2019-11-19
- Posts: 436
Re: Replacing sudo.
As far as regular desktop users, & small networks go, doas would be a better option for most distros.
Offline
#7 2022-09-04 12:45:33
- delgado
- Member
- Registered: 2022-07-14
- Posts: 211
Re: Replacing sudo.
Hm, how would the following look in doas style?
(Capt. Obviuos does not want to compile as root)
$ ./configure
$ make
$ sudo make installOffline
#8 2022-09-04 14:26:51
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Replacing sudo.
^
./configure
make
doas make installOr add this to your shell initialisation file (eg, ~/.bashrc):
alias sudo='/usr/bin/doas'Then just carry on using sudo as you always have done.
Brianna Ghey — Rest In Power
Offline
#9 2022-10-03 17:57:53
- Devarch
- Member
- Registered: 2022-10-03
- Posts: 69
Re: Replacing sudo.
I still need password with doas inspite of:
permit username as root
permit nopass username as root
in /etc/doas.conf
Strange
Offline
#10 2022-10-04 08:47:07
- Camtaf
- Member
- Registered: 2019-11-19
- Posts: 436
Re: Replacing sudo.
It's not meant to allow all encompassing usage, that's what su is for. 
Offline
#11 2022-10-04 15:40:14
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Replacing sudo.
I still need password with doas inspite of
Sorry to ask but you did replace username with the actual username, right?
That syntax works for me with the Debian doas package provided the actual username is supplied.
Brianna Ghey — Rest In Power
Offline
#12 2022-10-04 21:33:57
- Devarch
- Member
- Registered: 2022-10-03
- Posts: 69
Re: Replacing sudo.
Devarch wrote:I still need password with doas inspite of
Sorry to ask but you did replace username with the actual username, right?
That syntax works for me with the Debian doas package provided the actual username is supplied.
yes.
I've discovered that if this line is present
permit persist keepenv setenv { XAUTHORITY=/home/username/.Xauthority DISPLAY=:0.0 LANG LC_ALL } :username
than this problem is present.
Surprisingly, if this line is removed I do not need to tap password.
But without this line I can not use geany or other staff as root.
Offline
#13 2022-10-05 05:06:47
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Replacing sudo.
If you want to run a graphical text editor as root then either use one that takes advantage of the GVFS admin:// backend:
gedit admin:///full/path/to/fileOr stick with sudo:
SUDO_EDITOR=geany sudoedit /path/to/fileSet $SUDO_EDITOR in /etc/environment to make it permanent then just use plain sudoedit.
Running the entire GUI editor as root is simply ridiculous. Don't do it.
Brianna Ghey — Rest In Power
Offline
#14 2022-10-05 19:18:00
- Devarch
- Member
- Registered: 2022-10-03
- Posts: 69
Re: Replacing sudo.
Head_on_a_Stick, hhank you for this hint.
What is wrong with using XAUTHORITY? Almost every linux distribution lets run editor as root? I use it to edit system files. Is there some security problem?
Last edited by Devarch (2022-10-05 19:18:23)
Offline
#15 2022-10-05 19:34:30
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Replacing sudo.
See https://en.wikipedia.org/wiki/Principle … _privilege — what's the point of running the graphical interface as root if you only need to use elevated priviledges to save the modified file? That's what sudoedit & admin:// do.
Almost every linux distribution lets run editor as root?
Almost every Linux distribution expressly advises against running editor GUIs as root. That's why sudoedit & admin:// exist. The latter is the default for GNOME and can also be used in the file manager so that can be operated without having to run the GUI itself as root.
EDIT: just for the record this works fine in my sway (Wayland) desktop:
doas mousepad /etc/fstabI didn't think that was supposed to be possible 
Last edited by Head_on_a_Stick (2022-10-05 19:37:10)
Brianna Ghey — Rest In Power
Offline
#16 2023-09-11 20:41:25
- dpkg
- Member
- Registered: 2023-09-11
- Posts: 1
Re: Replacing sudo.
Surprisingly, if this line is removed I do not need to tap password.
It is because:
The last matching rule determines the action taken. If no rule matches, the ac-
tion is denied.https://man.openbsd.org/doas.conf#DESCRIPTION
What is wrong with using XAUTHORITY?
Nothing, but you should have only one line matching the same username.
permit nopass keepenv setenv { XAUTHORITY=/home/username/.Xauthority DISPLAY=:0.0 LANG LC_ALL } username as rootOffline
#17 2023-09-17 02:47:47
- czeekaj
- Member
- Registered: 2019-06-12
- Posts: 154
Re: Replacing sudo.
There is also sudo -i to just pretty much login as root.
to make it request password everytime you might need to set alias in .bashrc when sudo is invoked.
Although I am unsure how to block sudo -i using an alias.
Offline
#18 2023-10-31 17:58:35
- czeekaj
- Member
- Registered: 2019-06-12
- Posts: 154
Re: Replacing sudo.
This is apparently a replacement option
Offline
#19 2023-10-31 19:54:33
- yeti
- Member
- From: I'm not here: U R halucinating
- Registered: 2017-02-23
- Posts: 334
Re: Replacing sudo.
sup? Compile-time configuration smells too much like those suck**ss tools. Definitely not my taste.
For a while now doas has got persist added on Linux too, so I see no reason any more not to use it.
*𝚛𝚒𝚋𝚋𝚒𝚝!*
Offline
Pages: 1
