How many of you are using doas?sudo?what about root tty1?

[coalms]

Honestly, do you prefer having programs like sudo and doas in your "daily driver"? Or you you just avoid the security escalation vulnerability of having a program such at this and just run tty1 root tmux/screen? If tty then have you though about hardening your keyboard and xorg so programs cannot ctrl+alt+fX on an open root tty xorg emulating a tty to sniff your password?

PS I wourld have made this into a poll but no such option appears so I guess I do not have the permission to do so, if an admin sees this do poll it if possible

Edit: realised I should have posted this on gentoo chat sub-forum where I have both poll rights and thinking about it now imo is a more fitting place to post it, but at this point I made enough posts for today where deleting this and reposting it there wourld give me an error(too many posts), unless this is moved Ill repost tomorrow

Moved the topic to "Gentoo Chat" subforum for you.
You should be able to add poll now.
-- Zucca

Thanks Zucca

[spica]

Navigating complex discussions about borderline cases can be likened to a sausage stick:
one end has the exclusive "root user," while the other end lacks any root access.
The reality, much like the savory truth in this metaphor, lies nestled somewhere in the middle.

[Zucca]

I'm using doas, as I found its construction (code) quite simple. This in hopes that it's less prone to security flaws.
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--

[lemon426]

Hello!

For my part, I use sudo more often. But for some time now (well over a month now), I've been using doas. The fact that I can (partly) read the source code and understand it helps a lot. And in terms of optimization (although I'm sure it's not much), doas is really very small in size!

[NeddySeagoon]

coalms'

I use sudo but its usually

[Naib]

I just use su - to get a root shell
_________________

[rfx]

+1 sudo

[NichtDerHans]

[pietinger]

[Hu]

I use a root login on a console for serious maintenance. I use my user in an xterm running /bin/su -l for routine root administration. Also, everything that can be run under setpriv --nnp is, so most of my shells cannot use /bin/su to elevate.

[NeglectedRudderPug]

Personally, I just use the command:

[tld]

As many others here, I've never seen any need to do anything other than "su -". At one time I'm sure this is essentially all anyone running Linux used until Ubuntu started that whole trend with no root password, where sudo was the only option. Always disliked that whole idea.

Tom

[spica]

[grknight]

[Goverp]

[spica]

[CaptainBlood]

[Zucca]

Looks like I'm in the minority with doas. :o
_________________
..: Zucca :..
Gentoo IRC channels reside on Libera.Chat.
--

[flexibeast]

'su -l' for me also, with the '-l' making sure i don't have a hybrid user+root environment that can create various issues. And, yeah, this is probably because i started using Linux long before Ubuntu's "sudo all the things" approach became widespread.

That said, what potential problems are there with using 'sudo' or 'doas' all the time instead of 'su'?

[coalms]

To be honest I am baffled by the results up until this point, the points I have seen just up until now are simple, doas is an unofficial port and while some users see it as a vulnerability not having the right kernel access as the bsd og the compactness of code is
su -,sudo -i or any sudo variation is quite hardened spaghetti code which I would have originally though the gentoo community would stay away from
tty is cumbersome to switch all the time and yet the most secure out of all to administer the system without booting to single-user or init=/bin/bash

personally on a daily driver its tty for me and in case I have to leave my machine emerging while I am away from home i prefix my commands with a comma

[psycho]

Depends if we're counting running or just typing them. If I need root access for something unusual I'll type su in a terminal, but I have a few scripts that use sudo to start/stop services or whatever. So on a typical day I'm probably using sudo the most (but I'm not typing it, I'm doing GUI stuff that's using it in the background). Actually typing the instruction though, it's nearly always su.

[flexibeast]

@coalms:

Well, there are instances where i use (open)doas too. Here's a more complete picture:

* As part of starting up my GUI environment on my (Gentoo) laptop, a kitty terminal is opened, containing several tabs. One of those is a 'root' tab, with an 'su -l' session. Normally i'm in other tabs, but for tasks (or more likely, series of tasks) requiring root, i'll switch to the 'root' tab, switching back to other tabs when local root isn't necessary.

* i use opendoas on my laptop, but for specific tasks requiring different privileges (e.g. using Wireshark), not as a generic tool to do whatever i want as root.

* i use doas on my OpenBSD server, e.g. running a PHP admin script as the 'www' user.

[Hu]

I do not recall the state of the code or the configuration language for doas. I recall that the configuration language for sudo is rather unpleasant to work with, and suspect that many sites confer far more sudo privilege than is needed simply because assigning an exactly correct amount is too cumbersome in the grammar.

[coalms]

[coalms]