[Discussion] Why Debian still uses sudo instead of doas?

[Hetzer]

doas has nearly the same (or it's already of same) functionality, is smaller and much easier to configure than sudo. It's also said that doas is more secure, mostly due to it's much smaller codebase
doas is already in Debian repositories (opendoas package), is proven to work (at least by me) - The question is, why Debian still prefers sudo when we have plain better replacement?

[bbbhltz]

I asked myself the same question when I used Alpine Linux, which comes with doas:

doas: simpler, less configuration, good for single-user cases and doing things as root without remembering two passwords.

sudo can be used in elaborate sysadmin situations with permission combinations and multiuser cases and servers.

[CwF]

Momentum.
I'm slow, usually early, then late. Going forward I am moving to doas. For me it deserve a long view and I never expect I can sit down and figure out the extents in a single session, or minutes. So after I started with it a year+ ago I haven't come up with an issue. I have had sudo removed for years, like gksudo years, which was when I was starting to lean on policy kit. I only use sudo/doas in scripts or tickle code where they seem equivalent. With larger more complicated multi-user sudo group installs there may be some snags I won't see.

Overall a minor detail and an easily reconfigurable one. So I rely on attrition, eventually.
Momentum.

[Hetzer]

sudo can be used in elaborate sysadmin situations with permission combinations and multiuser cases and servers.

I think doas can be used as well since it allows per-user, per-group and per-command settings
And well, even if sudo has more options than doas - I still think it's better to prefer doas 'cause most Debian installations are these "single-user" cases ye told of - therefore no need for complexity of sudo

Overall a minor detail and an easily reconfigurable one

I'd not call it "minor" since it's somewhat a must-have for people that don't want to switch between unprivileged and root frequently
Indeed it's easy to configure (even easier if root password is set during installation, since no sudo is installed) - But I personally think it'd be better to have it already configured instead - one less chore after install

[CwF]

I'd not call it "minor" since it's somewhat a must-have for people that don't want to switch between unprivileged and root frequently

I do because it's rare for me to ever use either, I could say never to needing it, just an option. I try to get everything to happen within user rights with polkit, and have except for the mentioned use of scripts, which are within a gui anyway and available to the user.
There are enough options in how to gain su status none are critical to have, just pick one. Some may argue for 'su -' as the default minimum, nothing else required since all can be built from there.

Sudo is habit, nothing more. So any replacement is simply a newly preferred habit.

Code: Select all

user@debian:~$  su -
Password: 
root@debian:~# exit
logout
user@debian:~$

[Dai_trying]

I haven't used doas (or ever installed it) but would like to know in what way doas is better than sudo? I will do a bit of googling (without google ) while waiting for any response but opinions of it are welcome (to me at least).

My reason for asking is because I'm a "if it aint broke don't fix it" kind of guy.

[Hallvor]

Unless you are in a corporate environment where you don't want to hand out the root password to your colleagues on yellow post-it notes, I don't see a reason to use any of them: su - works just fine.

[Dai_trying]

Absolutely true, I only install sudo to make it easier when using code found on the net (after checking for anything obviously malicious )

[peer]

During install I allways set a root password and after installation I install sudo (and add myself to the sudo group).
I also have some rules set in the sudoers map "/etc/sudoers.d". This works great for me.
So I think I don't have the need to use doas in stead of sudo.

[Hetzer]

I haven't used doas (or ever installed it) but would like to know in what way doas is better than sudo?

In ways I've mentioned in the beginning - simplier, easier to set up + said to be more secure

I don't see a use any of them: su - works just fine.

I personally see since I use it. A lot.
I frequently forget what I wanted to execute as root (I mean, execute one command as root, one as unprivileged, then remind meself of thing to do so another command as root...), in my case I would swap between both all the time - so instead I utilize doas with disabled password prompt

Sudo is habit, nothing more. So any replacement is simply a newly preferred habit.

sudo / doas is a habit, but preferring one over another isn't - it's not only because of syntax matter
doas is simplier, smaller (smaller codebase = smaller attack surface) and functionally very close (again, if not 1:1) to sudo - I see no problems to prefer it in future releases
Ones who need (or just are used to) sudo still could install it, like one can install and configure doas right now

[CwF]

a habit, but preferring one over another isn't

I don't disagree. What you say is true. But, your perspective in narrow, as is mine. There are many packages impacted by this seemingly simple choice, packages that inherit the sudo group for permissions would need changed. That would take a coherent effort beyond the simplicity you're assuming. In any case sudo is already a secondary consideration even if level with a doas consideration. I'd prefer a polkit configuration step within the installer. The likely answer may be to configure that after install, let's not complicate the installer. I'd comply, maybe with a sulk. Sudo is a result of accommodating the lack of a root account, which is a result of an ill conceived notion that root accounts are dangerous. Obfuscating the path to su function with alternatives doesn't change the reality there is always a root, invisible or not.

KISS says to always establish the root account at install, pay attention, and when we are at a prompt after install completion, configure secondary solutions like polkit/sudo/doas using 'su -' with the root password (you were paying attention) in a DE's terminal emulator or switch to a tty and login as root to do it the hard way.

Since KISS is not the current way with a rootless option we have already moved away from this KISS. If this path is the way, then a doas vs. sudo argument is valid - as long as we recognize removing sudo and enforcing a root account is also valid.

Many packages have already rid themselves of a hard dependency on sudo now listing the optional alternative opendoas. It is only recently possible to rid a system of sudo being previously tied up in various DE dependencies. So a default doas option could happen by 13 or 14.

Finally, default should always be considered the beginning and not the end. We are ROOT, we will configure.

KISS - Keep It Simple...

[Hallvor]

I personally see since I use it. A lot.
I frequently forget what I wanted to execute as root (I mean, execute one command as root, one as unprivileged, then remind meself of thing to do so another command as root...), in my case I would swap between both all the time - so instead I utilize doas with disabled password prompt

I can't and won't argue against your personal preferences, but I do think it is a good idea to make a clear distinction between root and regular user environments. This separation is there for security reasons, and understanding when to issue commands as root and user will help you avoid unintended consequences of executing commands with elevated privileges.

[Hetzer]

There are many packages impacted by this seemingly simple choice, packages that inherit the sudo group for permissions would need changed. That would take a coherent effort beyond the simplicity you're assuming.

It is only recently possible to rid a system of sudo being previously tied up in various DE dependencies.

Well, didn't know 'bout that...
And I didn't even think of it as well, since my non-sudo installations always went smooth - never noticed something not working because of lack of the sudo

KISS says to always establish the root account at install, pay attention, and when we are at a prompt after install completion, configure secondary solutions like polkit/sudo/doas using 'su -' with the root password (you were paying attention) in a DE's terminal emulator or switch to a tty and login as root to do it the hard way.

That's a good wisdom. Personally I don't understand meself that "rootless" trend, it makes no difference to user except if anything breaks one will be locked out of his/her system

Sudo is a result of accommodating the lack of a root account, which is a result of an ill conceived notion that root accounts are dangerous. Obfuscating the path to su function with alternatives doesn't change the reality there is always a root, invisible or not.

Not true in my case, I always thought of sudo/doas as a "one-liner to do something as root" - but mentality ye described lives for sure as it's seen in mainstream distributions (e.g. Ubuntu)
The funniest thing is this "dangerous root" still being utilized with that sudo/doas anyway - In the end, no difference [comparing to properly-configured machine] expect additional risk I've mentioned above

I personally see since I use it. A lot.
I frequently forget what I wanted to execute as root (I mean, execute one command as root, one as unprivileged, then remind meself of thing to do so another command as root...), in my case I would swap between both all the time - so instead I utilize doas with disabled password prompt

I can't and won't argue against your personal preferences, but I do think it is a good idea to make a clear distinction between root and regular user environments. This separation is there for security reasons, and understanding when to issue commands as root and user will help you avoid unintended consequences of executing commands with elevated privileges.

Ye I'm aware of that, I use mentioned doas when something just can't be done as unprivileged (partitioning, service management, installing packages...) - I'm not type who runs anything that doesn't work on first try as root

[Dai_trying]

After reading all the comments and doing a little research it appears (to me) that while doas is smaller, (although this is quite insignificant IMO due to the actual size of both packages) there are things that are not quite ready (in doas) to be able to replace sudo in some situations. On top of that sudo will work ootb (probably due to the fact that it is maintained by debian) and doas requires some configuration at all times.

My current opinion is that while doas might be ready in the future to be able to replace sudo, at the moment i cannot see any reason to change what already works flawlessly for me.

Also just as a minor point, I usually prefer using packages maintained by Debian rather than a random (unknown to me until now) github repository.

I am not knocking doas it may do everything most users would need and save a little under 2Mb of space, but for me it's not a viable replacement (yet).

For information a seemingly good reference might include this page

[sunrat]

Also just as a minor point, I usually prefer using packages maintained by Debian rather than a random (unknown to me until now) github repository.

https://packages.debian.org/search?keywords=doas

[arzgi]

Sudo usage is logged. Some prefer that, others don't care.

[Hetzer]

On top of that sudo will work ootb (probably due to the fact that it is maintained by debian) and doas requires some configuration at all times

doas should work OOTB as well if package deployed a simple config like this:

Code: Select all

permit persist keepenv :wheel

and create the "wheel" group
doas, like sudo, doesn't need to be configured specifically for one machine (unlike a e.g. mailserver, of which configuration is always different)

For information a seemingly good reference might include this page

Just a note from me, this wiki doesn't mention about "keepenv" setting which can be used instead of setting user environment all over again

Sudo usage is logged. Some prefer that, others don't care.

It's useful in multi-user machines, not so in case of desktops. And I think it does some kind of logging, at least I assume that on the basis of "nolog" parameter for /etc/doas.conf

[CwF]

and create the "wheel" group

There you just went off the rails...
guid 100, users or
guid 50, staff, the logical choice, already exist.

[Hetzer]

and create the "wheel" group

There you just went off the rails...
guid 100, users or
guid 50, staff, the logical choice, already exist.

Sorry, my bad

[Dai_trying]

Also just as a minor point, I usually prefer using packages maintained by Debian rather than a random (unknown to me until now) github repository.

https://packages.debian.org/search?keywords=doas

I guess I may have worded my previous post wrong but my point was the apt show output:-

Code: Select all

Package: sudo
Maintainer: Sudo Maintainers <sudo@packages.debian.org>
Homepage: https://www.sudo.ws/

Code: Select all

Package: doas
Maintainer: Scupake <scupake@riseup.net>
Homepage: https://github.com/Duncaen/OpenDoas

And I will normally prefer the Debian one, although if at some time in the future Debian adopts doas as the preferred mechanism I would re-consider.