Sudo is quite bloated and not without security problems. It is intended to cover situations that normal Linux users will never encounter, and its configuration is messy.
Doas is an application from OpenBSD that is simpler and cleaner.
Here are the steps I took to install doas and replace sudo:
sudo pacman -S opendoas
Add my username to the group wheel:
sudo usermod -aG wheel philip
Create /etc/doas.conf and add:
permit setenv {PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin} :wheel
Modify the ownership and permissions:
doas chown -c root:root /etc/doas.conf
doas chmod -c 0400 /etc/doas.conf
You should now be able to remove sudo:
doas pacman -Rdd sudo
Create a symlink to sudo
ln -s $(which doas) /usr/bin/sudo
So now it would be nice to have the equivalent of sudoedit.
Create /root/scripts/doasedit (I use the micro editor):
#!/usr/bin/env bash
DOASDIR="/tmp/doas-$(date +%s)"
mkdir $DOASDIR
chmod 700 $DOASDIR
DOASFILE="$DOASDIR/doas.conf"
cp /etc/doas.conf $DOASFILE
chmod 600 $DOASFILE
micro $DOASFILE
sync
doas -C $DOASFILE && echo "valid config" && cp $DOASFILE /etc/doas.conf && chmod 400 /etc/doas.conf || echo "invalid config"
sync
rm -rf $DOASDIR
Create /usr/local/bin/doasedit:
#!/usr/bin/env bash
if [ "$(id -u)" != 0 ]; then
doas /root/script/doasedit
else
/root/script/doasedit
fi
Modify the permissions
doas chmod 700 /root/script/doasedit
doas chmod 755 /usr/local/bin/doasedit
Test doasedit:
doasedit
add this line:
permit nopass philip as root cmd pacman
save and you should see:
valid config
ยง