Sudo Is Bloat. Use Doas Instead! DistroTube
video description
Date: 2022-03-30
Related videos
Comments and reviews: 10
KillerMemz
I think that the line that most people want to put in their doas.conf would be: -permit persist keepenv :wheel as root-
-permit- gives the okay, -persist- makes it stay for a while, similarly to how sudo doesn't make you reenter your password for a bit, -keepenv- makes sure that it still runs commands from the user home environment, -:wheel- covers all users in the wheel group, and -as root- covers what doas is permitting, which in this case it's permitting running as the alternate user, root.
set up like this, doas isn't just a similar replacement for sudo, it's almost 100% function equivalent. You can also add user specific lines, replacing -persist- with -nopass- and -:wheel- with the username, and that will allow you to enable passwordless doas on any user you make that line for. -permit nopass keepenv dt as root- would be the function used in the system exampled in the video.
The full scope of what doas can do is laid out in the does.conf manpage, -man doas.conf- for the less inclined.
reply
I think that the line that most people want to put in their doas.conf would be: -permit persist keepenv :wheel as root-
-permit- gives the okay, -persist- makes it stay for a while, similarly to how sudo doesn't make you reenter your password for a bit, -keepenv- makes sure that it still runs commands from the user home environment, -:wheel- covers all users in the wheel group, and -as root- covers what doas is permitting, which in this case it's permitting running as the alternate user, root.
set up like this, doas isn't just a similar replacement for sudo, it's almost 100% function equivalent. You can also add user specific lines, replacing -persist- with -nopass- and -:wheel- with the username, and that will allow you to enable passwordless doas on any user you make that line for. -permit nopass keepenv dt as root- would be the function used in the system exampled in the video.
The full scope of what doas can do is laid out in the does.conf manpage, -man doas.conf- for the less inclined.
reply
TheUnkow
When a more minimal or less bloated software is being recommended it's never just because it has fewer lines of code.
And fewer lines on average may mean more security but just one line is enough to jeopardize the system.
Just while(true) or not escaping client input can result in a crash or hijacking your system.
So when you pick a software you have to pick something you trust.
Sudo is a long time champion, I love that we have less -bloated- alternatives. In my experience with most -less bloated- software, this means doas will result in minor but definitively lesser average ram and cpu usage.
The only good examples of over bloated software that works better are for example the KDE desktop and Garuda Dragonized (themselves saying free ram is unused ram).
In the end you can try, see the result and decide for yourself, there is a reason some people developed doas and I like that we are still not afraid to improve the core stuff that served us for years almost flawlessly.
reply
When a more minimal or less bloated software is being recommended it's never just because it has fewer lines of code.
And fewer lines on average may mean more security but just one line is enough to jeopardize the system.
Just while(true) or not escaping client input can result in a crash or hijacking your system.
So when you pick a software you have to pick something you trust.
Sudo is a long time champion, I love that we have less -bloated- alternatives. In my experience with most -less bloated- software, this means doas will result in minor but definitively lesser average ram and cpu usage.
The only good examples of over bloated software that works better are for example the KDE desktop and Garuda Dragonized (themselves saying free ram is unused ram).
In the end you can try, see the result and decide for yourself, there is a reason some people developed doas and I like that we are still not afraid to improve the core stuff that served us for years almost flawlessly.
reply
William
I don't really get the point of sudo vs doas.
1. Bloat / options most users won't touch (doas may have smaller installed size, but it also has options that most won't use -- which is also bloat)
2. Sudo's config file is too complicated compared to doas -- you don't have to touch sudo's config unless you need to (the defaults work out-of-the-box).
To me doas is just the same old song in a different key -- eg. a different way of doing things, but not really different enough from sudo to matter.
reply
I don't really get the point of sudo vs doas.
1. Bloat / options most users won't touch (doas may have smaller installed size, but it also has options that most won't use -- which is also bloat)
2. Sudo's config file is too complicated compared to doas -- you don't have to touch sudo's config unless you need to (the defaults work out-of-the-box).
To me doas is just the same old song in a different key -- eg. a different way of doing things, but not really different enough from sudo to matter.
reply
Epsilonsama
doas works a bit differently in OS outside of OpenBSD. doas in OpenBSD has kernel calls exclusive to it which is implemented differently in the more portable version of doas which is used in FreeBSD, MacOS and GNU/Linux. That being said the config file for doas is amazingly simple, it's plain English so a novice wont be doing any mistakes configuring it unlike with sudo where it's easy to screw things up for first timers which is why visudo command was created.
reply
doas works a bit differently in OS outside of OpenBSD. doas in OpenBSD has kernel calls exclusive to it which is implemented differently in the more portable version of doas which is used in FreeBSD, MacOS and GNU/Linux. That being said the config file for doas is amazingly simple, it's plain English so a novice wont be doing any mistakes configuring it unlike with sudo where it's easy to screw things up for first timers which is why visudo command was created.
reply
Don
Why edit the sudo configuration file? Just -sudo adduser username sudo; usermod -a -G username; gpasswd -a username sudo-
Alright, I've installed doas on my Debian 11 EDC (every day computer). Should I uninstall sudo or should I just remove users from conf?
reply
Why edit the sudo configuration file? Just -sudo adduser username sudo; usermod -a -G username; gpasswd -a username sudo-
Alright, I've installed doas on my Debian 11 EDC (every day computer). Should I uninstall sudo or should I just remove users from conf?
reply
J!nx
Most people don't need those 99% of the options, therefore most of those people don't need to configure sudo, so most people don't need to replace sudo.
It wouldn't be a Linux community if they didn't invent yet another redundancy cuz reasons XD
reply
Most people don't need those 99% of the options, therefore most of those people don't need to configure sudo, so most people don't need to replace sudo.
It wouldn't be a Linux community if they didn't invent yet another redundancy cuz reasons XD
reply
William
5:49 when running --doas updatedb--
Did you actually have to enter the password for --root-- or for --dt-- ?
If you had to literally enter it for --root-- it sounds like step backwards when compared to --sudo--
reply
5:49 when running --doas updatedb--
Did you actually have to enter the password for --root-- or for --dt-- ?
If you had to literally enter it for --root-- it sounds like step backwards when compared to --sudo--
reply
Johanno
It's all nice but in most distros sudo is already installed and it does what I want. So why would I switch? for a few MB? probably not. Usage wise sudo is a bit more user friendly I guess( or I am just used to it)
reply
It's all nice but in most distros sudo is already installed and it does what I want. So why would I switch? for a few MB? probably not. Usage wise sudo is a bit more user friendly I guess( or I am just used to it)
reply
Max
Windows is bloated, use MacOS
MacOS is bloated, use GNU/Linux
GNU/Linux is bloated, use just Linux
Linux is bloated, use a microprocessor with ROM
Microprocessor-s ROM is bloated, use pencil and paper
reply
Windows is bloated, use MacOS
MacOS is bloated, use GNU/Linux
GNU/Linux is bloated, use just Linux
Linux is bloated, use a microprocessor with ROM
Microprocessor-s ROM is bloated, use pencil and paper
reply
Derisis13
I have been using doas for around a year now and there's one major problem: it reads from stdin instead of the tty it was launched from. This means, there's no piping to commands you want to execute as root.
reply
I have been using doas for around a year now and there's one major problem: it reads from stdin instead of the tty it was launched from. This means, there's no piping to commands you want to execute as root.
reply
Add a review, comment
Other channel videos
