
Doubt it. The one thing doas is missing (from my POV) is caching the authorization. Sudo will allow you to cache the authorization on every(?) platform, but doas will only allow this on OpenBSD. If you're running "sudo bash" to avoid reentering your password a million times, doas (likely) won't help.

However if you're running "sudo bash", you should probably consider setting the root shell appropriately and just use "sudo -l".




OpenDoas has opt-in persistence via the --with-timestamp build flag. And on NixOS, for example, it's built with this flag by default.


Thanks for providing NixOS commentary. I was leery something in Nix would break, so I never tried.


No problem. FWIW I use doas over sudo on all 3 of my Nix hosts and I've only ever had one issue - VeraCrypt has a hardcoded shell-out to sudo, so I can't use it.

The proper fix would be VeraCrypt implementing polkit, but I just use cryptsetup's implementation.


This is actually an interesting case. OpenBSD implemented timing out the connection by adding it to the tty[1]. This sort of shenanigan would never fly on Linux, "what! improve an unrelated established system, I don't think so." So for a long time doas on Linux was not able to time out a session. At some later point the timeout code was re-implemented on Linux using a different mechanism[2].

If your Linux doas does not time out, try updating it?

1. http://man.openbsd.org/tty.4#TIOCSETVERAUTH

2. https://github.com/Duncaen/OpenDoas/blob/master/timestamp.c


Well my use case was DragonFly and FreeBSD where there is a version of doas available, but not opendoas.


> "sudo -l"

ITYM "sudo -i"; -l lists the programs your user may run as root/the-specified-user.



