@hund Doas is the first thing I install on any nix that doesn‘t have it right off the box.

@hund Wow I heard this from mental outlaw. He made a video about it Lol


it seems like doas have some features that sudo is currently lacking, like denying a user access to a specific command.

I think the ! operator in sudo does exactly that: user ALL = ALL, !/usr/bin/vim. Although I'm not familiar with doas; perhaps you meant something different?

@minoru @hund What would be the point of that, unless you also deny the user access to mv, cp, rsync, tee, wget, curl… so they can't copy the command to another name?

@edavies No idea, actually — I never actually used it myself. The hole you're describing is indeed documented in sudoers(5), under "Security holes" section.


Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.