View Single Post
Old 7th July 2018
ibara's Avatar
ibara ibara is offline
Future Defcon 201 speaker
 
Join Date: Jan 2014
Posts: 634
Default

Quote:
Originally Posted by therue View Post
i read somewhere that on openbsd doas is the replacement for sudo, and since it's not isntalled by default i think i'll avoid using it in the future.
Depends on your use case. There are plenty of uses for sudo. But it is larger than doas by orders of magnitude. doas is designed to be a small sudo replacement, OpenBSD-specific, that does 95% of what 95% of all users ever need. Most people will never need sudo but if you do, that's ok.

Quote:
Originally Posted by therue View Post
from your post, doas requiring a doas.conf file seems like a more restricted, controlled version of sudo since users are only given the commands that you allow them to use individually, so different users can have a different set of commands available. like allowing this user to shutdown the system, allow that user to install packages.

i can see that as a good way to allocate authority for say other users on the machine, but what if this is just for personal use? doesn't that seem limited? since a lot of times you won't know what you need to run as root until it's time, like if i need to write to a system file, or etc. ?
Code:
permit nopass therue
Now you can run $ doas <command> to you heart's content. Any command, no password needed!
Code:
permit therue
Is perhaps preferred if you would like to enter your password in before executing commands with doas.

Quote:
Originally Posted by therue View Post
So as an admin (only user) on the machine do you just use su then?
You should use doas.
Reply With Quote