Lmst

Just a silly #meme...

#LossyPNG #doas #sudo #root #unix #linux #BSD #infosec

Winnie-the-Pooh good-better-blurst meme:

Good: sudo
Better: doas
Blurs't: ssh root@...

Reduced to 8 colors to save space (#LossyPNG)

My rule is just permit keepenv, with no persist. It's #NetBSD rather than #FreeBSD so doas.conf is in /usr/pkg/etc/, and it definitely retains the environment.

persist does not work on other than #OpenBSD, as far as I am aware. Try it without persist to see whether that's the problem.

#doas

@rl_dane

Have you run

doas printenv MANPATH

?

You are about to learn the joy of doas.conf, I predict.

#doas #FreeBSD #mandoc

Anyone else suddenly find themselves deep into searching for dosa recipies online, triggered by mistyping doas at the command prompt and then thinking "I love dosa! I wonder how to make it,"?
No? :blobcat_smilignopenmouthsweating:
#adhd #dosa #doas

@pitrh @SamuraiSakura @inlovewithpda

Great write-up!

Agreed, the install process on #OpenBSD is really quite painless, especially since they added #FDE setup to the installer.

The fact that it isn't a #TUI is really minor.

Also, #doas is BAE. I install it everywhere else, including all my Linux boxen. 😁

@fefe_interim #doas(1) on #OpenBSD. Simple, clean, secure.

https://man.openbsdhandbook.com/doas/

Rewriting #sudo into #rust was a bad idea. The main issue with sudo is its massive complexity and enormous amount for features and settings for a program that’s SUID. A memory safe language doesn’t magically fix this.

If you really want to bring memory safety into this space, then rewrite #doas into Rust.

@le_friwi_56 i prefer to use #doas as an alternative to sudo more lighter just one file config /etc/doas.conf

#doas doesn't seem to support #U2F on #NixOS it's weird and should work but doesn't as /etc/pam.d/doas doesn't contain pam_u2f.so and /etc/pam.d/sudo does contain it..

FYI: I have added "security.pam.services.sudo.u2fAuth = true;" to config and as I see there is no same option for doas and I also tried other hacky ways with no hope.

root elevation via doas + fprintd on Thinkpad and FreeBSD

#doas #fingerprint #freebsd

doas root elevation with fingerprint prompt

Time to switch to #doas ?

https://thehackernews.com/2025/07/critical-sudo-vulnerabilities-let-local.html?_m=3n%2e009a%2e3712%2eed0ao45tja%2e2qte

@NebulaTide @kaixin @rubenerd Didn't know about opendoas, installed it and it really caches my password, cool!

The #eshell can also work with #doas like with #sudo :dragnhappy:

Eshell with launched `doas ls' command. The password is asked in the minibuffer, not in the eshell. The prompt is "doas Password:".

It's time!

Thank you once again to the OpenBSD people for their excellent tooling.

#freebsd #doas #sudo

Console output from one of our homelab servers, where I'm uninstalling sudo and installing doas.

pkg remove sudo
pkg install doas

Yay!

@jimsalter I highly suggest taking some time out to discover doas(1) https://man.openbsd.org/doas . It arrived in the #OpenBSD 5.8 release back in October 2015 and is well battle tested. Doesn't have all the features of #sudo but 99% of sudo users basically don't use them anyway. #doas #25admins

@besendorf Also my first thought whenever I read #sudo vulns. Though I wonder if #doas was more widely used that there would be more vulnerabilities detected.