|Feb 13, 2024
|Sep 21, 2023
|Aug 29, 2023
|Jul 11, 2023
|Jun 20, 2023
#57 in Command-line interface
29 downloads per month
A safety oriented and memory safe implementation of sudo and su written in Rust.
Status of this project
Sudo-rs is being developed further; features you might expect from original sudo may still be unimplemented or not planned. If there is an important one you need, please request it using the issue tracker. If you encounter any usability bugs, also please report them on the issue tracker. Suspected vulnerabilities can be reported on our security page.
An audit of sudo-rs will take place in September 2023, the next stable release will incorporate its results.
Sudo-rs currently is targeted for Linux-based operating systems only; Linux kernel 5.9 or newer is necessary to run sudo-rs.
Building it yourself
Sudo-rs is written in Rust. The minimum required Rust version is 1.70. If your
Linux distribution does not package that version (or a later one), you can always
install the most recent version through rustup. You also need the C development
files for PAM (
libpam0g-dev on Debian,
pam-devel on Fedora).
On Ubuntu or Debian-based systems, use the following command to install the PAM development library:
sudo apt-get install libpam0g-dev
On CentOS or Red Hat-based systems, you can use the following command:
sudo yum install pam-devel
With dependencies installed, building sudo-rs is a simple matter of:
cargo build --release
This produces a binary
target/release/sudo. However, this binary must have
the setuid flag set and must be owned by the root user in order to provide any
useful functionality. Consult your operating system manual for details.
Sudo-rs needs the sudoers configuration file. The sudoers configuration file
will be loaded from
/etc/sudoers-rs if that file exists, otherwise the
/etc/sudoers location will be used. You must make sure that a valid
sudoers configuration exists at that location. For an explanation of the
sudoers syntax you can look at the
original sudo man page.
Differences from original sudo
sudo-rs supports less functionality than sudo. Some of this is by design. In most cases you will get a clear error if you try something that is not supported (e.g. use a configuration flag or command line option that is not implemented).
Exceptions to the above, with respect to your
use_ptyis enabled by default, but can be disabled.
env_resetis ignored --- this is always enabled.
visiblepwis ignored --- this is always disabled.
verifypwis currently ignored; a password is always necessary for
match_group_by_gidare not applicable to our implementation, but ignored for compatibility reasons.
Some other notable restrictions to be aware of:
- Some functionality is not yet supported; in particular
sudoeditand preventing shell escapes using
- Per-user, per-command, per-host
Defaultssudoers entries for finer-grained control are not (yet) supported.
- Sudo-rs always uses PAM for authentication at this time, your system must be
set up for PAM. Sudo-rs will use the
sudoservice configuration. This also means that resource limits, umasks, etc have to be configured via PAM and not through the sudoers file.
- sudo-rs will not include the sendmail support of original sudo.
- The sudoers file must be valid UTF-8.
- To prevent a common configuration mistake in the sudoers file, wildcards
are not supported in argument positions for a command.
%sudoers ALL = /sbin/fsck*will allow
sudo fsck_exfatas expected, but
%sudoers ALL = /bin/rm *.txtwill not allow an operator to run
sudo rm README.txt, nor
sudo rm -rf /home .txt, as with original sudo.
If you find a common use case for original sudo missing, please create a feature request for it in our issue tracker.
Aim of the project
Our current target is to build a drop-in replacement for all common use cases of sudo. For the sudoers config syntax this means that we support the default configuration files of common Linux distributions. Our implementation should support all commonly used command line options from the original sudo implementation.
Some parts of the original sudo are explicitly not in scope. Sudo has a large and rich history and some of the features available in the original sudo implementation are largely unused or only available for legacy platforms. In order to determine which features make it we both consider whether the feature is relevant for modern systems, and whether it will receive at very least decent usage. Finally, of course, a feature should not compromise the safety of the whole program.
su implementation is made using the building blocks we created for our
sudo implementation. It will be suitable replacement for the
While our initial target is a drop-in replacement for most basic use cases of sudo, our work may evolve beyond that target. We are also looking into alternative ways to configure sudo without the sudoers config file syntax and to extract parts of our work in usable crates for other people.