In Linux, managing user permissions and command execution is crucial for maintaining system stability and security. Many users are familiar with the command `sudo`, which allows them to execute commands with higher privileges.

However, there's an alternative tool called `doas` that provides a more efficient way to escalate privileges. In this post, I'll guide you through the installation and configuration of `doas`.

What is `doas`?

`doas` is a lightweight tool that enables users to run commands with the privileges of another user, typically the root user. Originally introduced in OpenBSD, it has gained popularity across other Unix-like operating systems.

Unlike `sudo`, which features a complex configuration file and numerous options, `doas` focuses on simplicity and ease of use. This straightforward approach reduces the chances of misconfiguration and lessens security vulnerabilities.

Installing `doas`

The installation process for `doas` varies by Linux distribution. Here’s how to install it on some popular platforms:

On Debian/Ubuntu and Debian-based distros.

Update package lists:

sudo apt update

Install `doas`:

sudo apt install doas

On Arch Linux and Arch-based distros

Install `doas` using:

sudo pacman -S doas

On Fedora and Fedora-based distros

To install on Fedora, use:

sudo dnf install doas

Configuring `doas`

Configuration of `doas` is straightforward and managed through a single file located at `/etc/doas.conf`. This file controls user permissions and operations.

Basic Configuration Example

To allow a specific user to execute commands as root, add the following line to `/etc/doas.conf`:

permit username

Just replace `username` with the actual user's name. This simple command grants that user permission to execute any commands as root.

Limiting Commands

You can specify which commands a user is allowed to run. For example, if you want to allow a user to only run the `systemctl` command, you can write:

permit username as root cmd /usr/bin/systemctl

Groups and Permissions

You can also assign permissions to groups, making management easier. For instance, to allow all members of the group `admin` to execute any commands as root, use this line:

permit :admin

This flexibility makes `doas` an effective tool for controlling user permissions.

Advantages of Using `doas` Over `sudo`

While both `doas` and `sudo` are valuable, `doas` offers several compelling advantages:

Simplicity

The configuration for `doas` is much simpler than that of `sudo`. This clarity can save time and reduce errors, especially for users who prefer straightforward system management.

Security

Due to its minimal codebase and simple configuration, `doas` has a smaller attack surface. With fewer features, there are fewer potential weaknesses that could be exploited, enhancing system security.

Performance

Because `doas` is lightweight, it can execute commands slightly faster than `sudo`, especially in frequent privilege escalation scenarios. For users who rely on rapid command execution, even a few seconds saved per command can add up significantly throughout the day.

Compatibility

Although it originated from OpenBSD, `doas` is compatible with many Unix-like systems, allowing users to benefit from its simplicity across various platforms.

Growing Community Support

The user base for `doas` is steadily increasing. As more users adopt it, community resources and tutorials are becoming available, making it easier to learn and troubleshoot.

Final Thoughts

`doas` serves as an effective alternative to `sudo`, providing a simple, secure way to manage user permissions in Linux. Its ease of use and clear configuration make it ideal for users who value simplicity without sacrificing security.

Try doas now and check how it performs on your system!