doas

Run a command as root

$ doas [command]

$ doas -u [user] [command]

$ doas -s

$ doas -C [config_file] [command]

$ doas -L

doas [-n] [-s] [-u user] [command [arguments ...]]

-n
    Do not ask for a password.

-s
    Execute the user's shell.

-u user
    Specify the user to execute the command as. Defaults to root.

doas is a small, secure alternative to sudo. It allows a trusted user to execute commands as another user, typically root.
doas prioritizes simplicity and security, aiming to provide a minimal and auditable privilege elevation mechanism. Its configuration is typically much simpler than sudo, residing in a single, easily understood file. doas is designed to be more secure by default than sudo by removing features and defaults which could introduce security holes. It leverages the secure coding practices and security features of the OpenBSD project where it originated.

Configuration is mandatory for doas to function. The doas.conf file must be properly configured to grant permissions to users.

The doas.conf file located in /etc/doas.conf is where access rules are defined. Each line specifies who can run what command as which user. Example: 'permit user alice as root cmd /usr/bin/apt update' allows user Alice to run 'apt update' as root.

doas prioritizes security by minimizing features and implementing strict access controls. Always carefully review and understand the configuration file to ensure only necessary privileges are granted. Regular audits of the doas.conf file are recommended.

doas was originally developed as part of the OpenBSD project to provide a simpler and more secure alternative to sudo. Its development has focused on maintaining a small codebase and prioritizing security best practices. Its usage has expanded to other Linux distributions due to its simplicity and security advantages.

sudo(8), su(1)