Execute commands as the root user on OpenBSD with doas

In Linux, when a user wants to execute a command as the root user, they use the sudo command. In the OpenBSD world, it is different since the system, by default, ships with the doas command (https://man.openbsd.org/doas), which essentially does the same thing as sudo: it allows users to execute commands as another (root) user. This does not mean that you cannot use sudo. In fact, sudo is available in the ports collection for installation. However, in this article, we focus on how to configure and execute commands as the root user on OpenBSD with doas.

Configuration of the doas command

Configuring the doas command is pretty simple. You do not need to install any packages since it is shipped by default with the OpenBSD base installation. However, it is not configured by default, so some basic steps are needed to get it up and running.

Adjusting the doas.conf file

Fortunately, there is an example doas configuration file provided under /etc/examples/doas.conf, which we can adjust to our needs regarding how the doas command should function.

To get started, copy the file to the /etc directory:

$ su -
# cp /etc/examples/doas.conf /etc/

If you leave the example configuration file as-is, every time you run the doas command, it will prompt for your password. This could be inconvenient. To adjust the behavior and get prompted for your password only occasionally (and not on every doas execution), open the configuration file with your preferred editor and edit the following line:

permit keepenv :wheel

Change it so that it reads:

permit persist keepenv :wheel

Save the changes and exit.

It is also possible, though highly discouraged, to completely turn off the password prompt by modifying the line as follows:

permit nopass keepenv :wheel
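
The check below is an added example, not part of the original article or of OpenBSD itself: an sh function that scans a doas.conf for the nopass rules described above and reports each one. It assumes one rule per line; the function name audit_doas_conf, the severity labels and the sample user "backup" are made up for illustration.

```shell
#!/bin/sh
# audit_doas_conf FILE: report doas.conf rules that use nopass.
# Output: LINE:SEVERITY:MESSAGE. Returns 1 if any rule lets an identity run
# any command without a password, else 0. Assumes one rule per line.
audit_doas_conf() {
    awk '
    BEGIN { high = 0 }
    { sub(/#.*/, "") }                  # strip comments
    $1 != "permit" { next }             # blank lines and deny rules grant nothing
    {
        nopass = 0; cmd = 0; who = ""
        # Options come before the identity, so stop at the first non-option.
        for (i = 2; i <= NF; i++) {
            if ($i == "setenv") {       # skip the whole setenv { ... } block
                while (i <= NF && $i !~ /[}]$/) i++
                continue
            }
            if ($i == "nopass") { nopass = 1; continue }
            if ($i == "persist" || $i == "keepenv" || $i == "nolog") continue
            who = $i
            break
        }
        # Anything after the identity may restrict the rule to one command.
        for (i++; i <= NF; i++) if ($i == "cmd") { cmd = 1; break }
        if (!nopass) next
        if (!cmd) high = 1
        printf "%d:%s:nopass for %s (%s)\n", NR, (cmd ? "WARN" : "HIGH"), \
            who, (cmd ? "limited by cmd" : "any command")
    }
    END { exit high }
    ' "$1"
}

# Constructed sample: the three rule variants shown in the article plus one
# hypothetical rule restricted to a single command.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permit keepenv :wheel
permit persist keepenv :wheel
permit nopass keepenv :wheel
permit nopass backup as root cmd /sbin/dump   # hypothetical user
EOF
audit_doas_conf "$sample" || echo "review required: unrestricted nopass rule"
rm -f "$sample"
```

On OpenBSD, doas -C /etc/doas.conf additionally checks the file's syntax before you rely on it.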

Adding the user to the wheel group

The next step is to ensure your user is in the wheel group. To check, run:

$ groups

If you don’t see the wheel group, you need to add your user to it:

$ su -
# usermod -G wheel YOUR_USER

Once that is done, either restart your computer or log out and log back in to ensure the changes take effect.

Finally, to validate that the doas command is configured properly, run a test command:

$ doas ls

You should be prompted to enter your password and see the output of the ls command.

Conclusion

In contrast to most Linux distributions, OpenBSD does not use the sudo command by default. To execute commands as the root user on OpenBSD, you can use the OpenBSD equivalent, the doas command. The doas command is lighter (~500 lines compared to over 2000 lines of code in sudo's main file), easier to configure, and less bloated. Additionally, the doas command is more secure since it has fewer lines of code (which means a smaller attack surface) and does not suffer from issues such as the -1 UID or Baron Samedit vulnerability.
