this post was submitted on 22 Jun 2026

7 points (81.8% liked)

Linux Questions

3981 readers

2 users here now

Linux questions Rules (in addition of the Lemmy.zip rules)

stay on topic
be nice (no name calling)
do not post long blocks of text such as logs
do not delete your posts
only post questions (no information posts)

Tips for giving and receiving help

be as clear and specific
say thank you if a solution works
verify your solutions before posting them as facts.

Any rule violations will result in disciplinary actions

founded 2 years ago

MODERATORS

possiblylinux127@lemmy.zip

What's the fundamental difference between sudo and doas ? (nord.pub)

submitted 2 days ago by TheViking@nord.pub to c/linuxquestions@lemmy.zip

11 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] deadbeef79000@lemmy.nz 11 points 2 days ago (4 children)

The size of the code base and therefore attack surface.

The sudo source code is approximately 160,000 lines of C.

Doas was written for OpenBSD (after the OpenBSD project decided sudo was too large to ship in the system base) with a source code of roughly 500 lines of C.

Obviously those extra lines of code bring features to sudo that doas doesn't have.

[–] NinjaTurtle@feddit.online 3 points 2 days ago* (last edited 2 days ago)

Is there any particular features that are noticeably missing, right off the bat?

[–] HelloRoot@lemy.lol 5 points 2 days ago* (last edited 2 days ago) (3 children)

The list of functional differences is too long to write here. I'm sure you can ask some llm to do the google search for you and it will shit out an ungodly amount of differences.

But I'd say roughly they are about:

how you configure it (sudo has a much more complex and expressive syntax, doas needs many more lines for the same result)
how it preserves env variables (sudo has more options for that, it excludes some by default while keeping others and can spawn subshells differently with -l -i)
how it does persisting authorization over some period of time :

doas on OpenBSD caches via a kernel API.

The slicer69 portable doas port has no persist on Linux/FreeBSD - you re-enter your password every invocation.

OpenDoas implements persist via timestamp files, similar to sudo but with fewer tuning options.

[–] TheViking@nord.pub 2 points 2 days ago (1 children)

You explained very well, this being an intensely technical subject. And you're absolutely correct about LLMs.

Now, which one do you think would be better, considering the fact that l wish to challenge my learning curve ???

[–] HelloRoot@lemy.lol 3 points 2 days ago* (last edited 2 days ago)

"better" always depends on the usecase

I use sudo cause it's less hassle and I just want to use my pc without the OS being in the way.

If you want security: ofc. doas.

But if your goal is tinkering, then you can switch anytime anyway, so try all the options.

[–] mmmm@sopuli.xyz 2 points 2 days ago

Plus doas does not have insults (?)

[–] ryannathans@aussie.zone 0 points 2 days ago

For an LLM comparison, this is what I get from haiku

sudo is older, more complex, and feature-rich, while doas is newer, simpler, and security-focused.

Core distinctions:

Code size & complexity: doas has roughly 700 lines of code versus sudo's 100,000+ lines, making doas easier to audit and maintain.

Configuration: sudo uses the complex sudoers file with intricate syntax; doas uses a simpler doas.conf file that's more straightforward to read and write.

Security philosophy: doas was designed with security-first principles, minimizing potential attack surface. sudo accumulated features over decades, increasing complexity and potential vulnerabilities.

Feature set: sudo has advanced features like session recording, plugins, authentication caching, and detailed logging. doas is minimalist—it handles the essential privilege escalation task without extras.

Adoption: sudo is ubiquitous across Linux and Unix systems. doas is less common but gaining traction, particularly on OpenBSD (where it originated) and among security-conscious users.

Performance: doas is faster and lighter, while sudo carries more overhead.

In practice, doas works well for straightforward privilege escalation needs, while sudo is better if you need advanced features or broader compatibility.

[–] possiblylinux127@lemmy.zip 1 points 2 days ago

I personally think the security concerns with sudo are way overblown. If it was getting hit with CVEs left and right it would be different but there have only been a handful of bad CVEs in its history.

[–] TheViking@nord.pub 4 points 2 days ago (1 children)

Attack surface means ?

[–] deadbeef79000@lemmy.nz 8 points 2 days ago

More code means there's more room for bugs and security flaws that can be exploited, and it's more difficult to reason about the code to find those flaws.

The general security jargon for that concept is 'attack surface'.