Doas authenticates as a simpler version of Sudo

The Sudo privilege management tool is big and complicated, with many advanced options that only an expert would need. Doas is far simpler – which might just make it safer for desktop users.

In Unix and Linux, best practices call for a strict segregation in the assignment of rights between daily work and administrative tasks. Administrative chores were once reserved for the superuser account. If you are logged in as the superuser, which is normally named root, you are allowed to do everything up to deleting the entire system.

Admins at New York University developed Sudo back in 1980 to prevent students from getting unneeded privileges. The name Sudo stands for “Superuser Do.” It lets you give privileges to a user who is a member of the sudo group for limited time or for a specific task. To do this, prepend sudo to a command whose execution requires these privileges. Then enter your user password to authorize it.

Sudo became more fashionable in Linux after it was adopted by Ubuntu, and it is now a standard feature of most distributions. Sudo sounds simple on the surface, but it is actually highly evolved software with many advanced features most desktop users never need. Rights assignments in Sudo can be regulated by role-based access controls [1] and by mandatory access controls [2] or configured via LDAP and the Network Information Service (NIS) directory service.


Use Express-Checkout link below to read the full article (PDF).

Posted by Contributor