sudo-rs¶
This page serves as a reference for the key differences between sudo.ws and sudo-rs.
Note: Both projects are under active development, so it is not possible to maintain a fully up-to-date list of differences. This is a list of major differences as of the Ubuntu 25.10 release.
For the most accurate and current information, refer to
sudo-rs --help for a list of supported options in your installed version.
Refer to man sudoers-rs for the /etc/sudoers configuration options supported by sudo-rs.
Differences¶
Start with the official documentation from the
sudo-rsproject.sudo-rsprompt.
This is the most common error users encounter when using Expect-based automation. The error often is a TIMEOUT because Expect is pattern matching on the sudo.ws prompt.
sudo.ws prompt for password says [sudo] password for <USERNAME>, whereas sudo-rs prompt says [sudo: authenticate] <METHOD>:. sudo-rs transparently prints whatever PAM says such as Password:, PIN:, etc.
You can use --prompt "" in Expect-based scripts to skip the regex-based matching of the prompt.
I/O logging and
sudoreplayis not supported. The programs aresudo_logsrvd,sudo_sendlog, andsudoreplay.There is no
sudoers.ldap. You need to use LDAP authentication via PAM.The
sudo-rsteam maintains the list of CLI flags parity withsudo.ws