The doas Command
This document explains the purpose, installation, and configuration of the doas command on Alpine Linux.
Becoming Root: sudo and doas
On most Linux distributions, including Raspberry Pi OS, it’s possible for a regular user with the right permissions to execute commands as root by using the sudo command. Figure 1 shows an example.
Unfortunately, the implementation of the sudo command has become quite bloated, as sudo contains a number of features that relatively few people will ever use. As a general rule, larger code bases invite a greater number of potential bugs, and these bugs can lead to security vulnerabilities. In 2021, for example, there was a major buffer overflow vulnerability in sudo.[2]
Some of the risks inherent to sudo were known as early as 2015, when the OpenBSD[3] project created the doas command as a replacement for sudo.[4] As of 2021, the number of lines of code required to implement doas was less than 1% of the line count of sudo.[5]
Alpine officially recommends doas over sudo to enable a user account to obtain root privileges when required.[6] The sudo package is still available in the community repository, but doas is found in the official documentation (and some of the newer wiki entries). We’re going to follow this recommendation and use doas instead of sudo, since the former is much lighter and easier to configure properly.
Installing the doas Package
To install doas on Alpine Linux, simply run (as the root user):
apk add doas
Configuring doas
Before we can use doas as a regular user, it is necessary to configure it. As the root user, edit the file /etc/doas.conf like so:
vi /etc/doas.conf
Move the cursor to the # at the beginning of the line that allows the wheel group to become root, and press the X key to remove it and the following space. The newly edited line should look like the following with NO leading space:
permit persist :wheel
Save and exit vi. Any user accounts that are part of the wheel group will now be able to use the doas command.
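The edit above can be checked before logging out of the root account. The following script is an added example, not part of the original page or of the doas project: it reports whether the wheel rule is active, still commented out, or indented, whether a user is listed in the wheel group, and whether the file mode is one doas will accept. The function names are hypothetical, and the sample file contents are constructed.

```sh
#!/bin/sh
# Added example (not from the original page): checks for the doas.conf edit.
# Function names are hypothetical helpers, not part of doas.

# wheel_rule_state FILE: prints active, indented, commented or missing.
wheel_rule_state() {
    conf=$1
    if grep -Eq '^permit[[:space:]]([^#]*[[:space:]])?:wheel([[:space:]]|$)' "$conf"; then
        echo active        # uncommented rule starting in column one
    elif grep -Eq '^[[:space:]]+permit[[:space:]]([^#]*[[:space:]])?:wheel' "$conf"; then
        echo indented      # the "# " was removed but a leading space remains
    elif grep -Eq '^[[:space:]]*#[[:space:]]*permit[[:space:]].*:wheel' "$conf"; then
        echo commented     # the rule is still disabled
    else
        echo missing
    fi
}

# user_in_wheel USER GROUPFILE: exit 0 if USER is a listed member of wheel.
# Only the member list (field 4) is read; a user whose primary group is
# wheel is not detected by this check.
user_in_wheel() {
    awk -F: -v u="$1" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "$2"
}

# conf_mode_ok FILE: exit 0 if FILE is not writable by group or other.
# doas itself rejects a config file that is writable by group or other.
conf_mode_ok() {
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \))" ]
}

# Constructed sample: the stock line before and after the edit described above.
tmp=$(mktemp)
printf '# permit persist :wheel\n' > "$tmp"
echo "before edit: $(wheel_rule_state "$tmp")"
printf 'permit persist :wheel\n' > "$tmp"
echo "after edit:  $(wheel_rule_state "$tmp")"
rm -f "$tmp"
```

On the real system, the same functions would be pointed at /etc/doas.conf and /etc/group.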
Notes and References
- Himanshu Kathpal. CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit). Qualys. December 23, 2022.
- Serdar Yegulalp. “OpenBSD 6.0 tightens security by losing Linux compatibility.” InfoWorld. July 25, 2016.
- Garrit Franke. From sudo to doas. January 29, 2021.
- Alpine Linux. “Post Installation Recommendations.” Alpine User Handbook.