sudo-rs¶
This page serves as a reference for the key differences between sudo.ws
and sudo-rs
.
Note: Both projects are under active development, so it is not possible to maintain a fully up-to-date list of differences. This is a list of major differences as of the Ubuntu 25.10 release.
For the most accurate and current information, refer to
sudo-rs --help
for a list of supported options in your installed version.
Refer to man sudoers-rs
for the /etc/sudoers
configuration options supported by sudo-rs
.
Differences¶
Start with the official documentation from the
sudo-rs
project.sudo-rs
prompt.
This is the most common error users encounter when using Expect-based automation. The error often is a TIMEOUT because Expect is pattern matching on the sudo.ws
prompt.
sudo.ws
prompt for password says [sudo] password for <USERNAME>
, whereas sudo-rs
prompt says [sudo: authenticate] <METHOD>:
. sudo-rs
transparently prints whatever PAM says such as Password:
, PIN:
, etc.
You can use --prompt ""
in Expect-based scripts to skip the regex-based matching of the prompt.
I/O logging and
sudoreplay
is not supported. The programs aresudo_logsrvd
,sudo_sendlog
, andsudoreplay
.There is no
sudoers.ldap
. You need to use LDAP authentication via PAM.The
sudo-rs
team maintains the list of CLI flags parity withsudo.ws