On the one hand, doas is simpler. Less code means less bugs, and lower chance someone manages to hack it and gain admin rights. On the other hand, sudo is more popular, and so has a lot more people double-checking its security. Ultimately, I don't think it matters - when someone unauthorized gains admin rights, usually it's not due to bug in sudo or doas, but other problems.

I use doas just because. It's not necessary at all, but it can't hurt either (I think). It might be a bit more secure (fewer features -> fewer code -> fewer bugs -> fewer vulnerabilities, need to give password more often). Kinda cool if you want more minimalism for fun (I replaced startx with sx...)

doas, afaik, was originally made for FreeBSD, so some of its features aren't compatible with/haven't been implemented for Linux. That may or may not be an important issue for you to consider.

Doas is more secure, sudo has had a few critical vulnerabilities in the past, because the codebase is much larger. Sudo has like a million features that most people don't need, but they significantly increase attack surface.

When I thought about this question, I decided to ditch both sudo and doas entirely. I am certain this is an unpopular opinion, but I preferred setting up a granular permission + user system instead, and keeping root privileges for only a handful of use cases (primarily for system updates and package installations).

For anything else, a dedicated user is created, and given only permissions to do that exact thing only. Many of these users have no shell access at all, and for the ones that do, I use a password manager so I don't have to memorize passwords for all of these users.

I just use doas because sudo has a bunch of features i don't care about or use, and doas does everything i need while being significantly smaller.

From what I hear, doas is more secure. I don't think it matters though, as long as you keep your system updated. I use sudo still.

Doas has about 90% of features with 10% of code size of sudo.

And rdo/ssu have ~140 lines of C code. Anyone knows similiar?

Well, i believe in all showcased cases from people here, they are NOT replacing sudo entirely (Except if some are from BSD or if I'm incorrect with this assumption). They are just replacing their user habit with doas and use that command instead. In the end, all unix scripts or apps expect using sudo (If not, su) so... ### What's even the need to ?

• Size : Installed on top of the already system present sudo.
• Security : Only perhaps if you made a sudo alias to doas (But since it isn't entirely 1:1 identical, if anyone have a cleaner way of implementing that, I'm all hear)
• Simplicity : You now have two tools. A easy to use keycard, and a key. The second is more complicated to use, so you use it rarely but it's still two tools instead of one.
• Less dependencies : Again, unless you can actually replace it ENTIRELY, it's just an added tool (Still almost dependency free)

Really looking to corrections if i do some

You feel smarter... Yeah, that's pretty much it.

I find the config syntax cleaner.

doas uses like 10MIB less of mem than sudo.

Security may be more likely to approve some users having doas, sudo is a no go in many restricted environment.

BTW I use pkexec