|RebornOS (2021.10.20)||2021-10-21 07:04|
|RebornOS-ARM (RebornOS-ARM-v2.0)||2021-06-07 02:58|
|RebornOS LTS (2022.04.10)||2022-04-11 19:32|
sudo is a tool for administrators that has been used since Ubuntu to release systems without root user support, I think this is to crack a nut with a sledgehammer.
The default entry in /etc/sudoers is root ALL=(ALL:ALL) ALL.
In very simple terms, this means that the user may execute all commands that require root with sudo.
- The assignment of rights with sudo can also be regulated as role-based access control
- and Mandatory Access Control
- via LDAP
- and the directory service Network Information Service (NIS).
This and other advanced strategies for access control that can be realised with sudo result in a very complex configuration file that quickly overwhelms beginners and may lead to errors that affect the system.
What would make sense on an enterprise server with many users seems quite out of place on domestic desktop systems.
So if you are one of those users who only use sudo on your system to temporarily gain root rights for system administration, then sudo is heavily overloaded for your needs.
As an alternative, we can use su - , which starts the actual root account, but always make sure to log out with exit .
Especially on multi-user systems, it is forbidden to leave a root account open for security reasons.
Another alternative is the small tool doas, which is available in Linux systems as the package opendoas.
doas thus offers a much smaller attack vector with reduced functionality tailored to desktop systems.
To execute doas, you only have to prepend doas to the command, just as with sudo
starts midnight commander as root
However, before we can make the change in RebornOS, we first have to start with install doas with
sudo pacman -S opendoasthan
sudo touch /etc/doas.conf
to create the configuration file
With the editor of your choice and as root In this file you only need to add the line
so that it behaves like sudo on a single-user computer.
If you manage a multi-user system, you can allow permissions for each user in just one line or deny certain tasks with the deny command.
To pass the usual sudo command, it is possible to add the entry
man doas.confyou can see the syntax of the individual possibilities.