doas as sudo replacement

sudo is a tool for administrators that has been used since Ubuntu to release systems without root user support, I think this is to crack a nut with a sledgehammer.

The default entry in /etc/sudoers is root ALL=(ALL:ALL) ALL.
In very simple terms, this means that the user may execute all commands that require root with sudo.

What does ALL actually mean in the configuration?

- The assignment of rights with sudo can also be regulated as role-based access control
- and Mandatory Access Control
- via LDAP
- and the directory service Network Information Service (NIS).

This and other advanced strategies for access control that can be realised with sudo result in a very complex configuration file that quickly overwhelms beginners and may lead to errors that affect the system.

What would make sense on an enterprise server with many users seems quite out of place on domestic desktop systems.
So if you are one of those users who only use sudo on your system to temporarily gain root rights for system administration, then sudo is heavily overloaded for your needs.

Which opportunities are possible

As an alternative, we can use su - , which starts the actual root account, but always make sure to log out with exit .
Especially on multi-user systems, it is forbidden to leave a root account open for security reasons.

Do it as?

Another alternative is the small tool doas, which is available in Linux systems as the package opendoas.
doas thus offers a much smaller attack vector with reduced functionality tailored to desktop systems.
To execute doas, you only have to prepend doas to the command, just as with sudo

doas mc

starts midnight commander as root

However, before we can make the change in RebornOS, we first have to start with install doas with

sudo pacman -S opendoas
than

sudo touch /etc/doas.conf 

to create the configuration file
With the editor of your choice and as root In this file you only need to add the line

permit :wheel

so that it behaves like sudo on a single-user computer.
If you manage a multi-user system, you can allow permissions for each user in just one line or deny certain tasks with the deny command.

To pass the usual sudo command, it is possible to add the entry

alias sudo="doas" 
in
.bashrc
With
man doas
and
man doas.conf
you can see the syntax of the individual possibilities.

This article is essentially based on the article from the "Linux Comunity" by Ferdinand Thommes which can be found under the link https://www.linux-community.de/ausgaben/linuxuser/2021/08/mit-doas-statt-sudo-administrative-aufgaben-erledigen/