3175x175(CURRENT).thumb.jpg.b05acc060982b36f5891ba728e6d953c.jpg)
If you have been keeping track of Canonical news over the last few months, you might have heard that the venerable sudo, the command that lets users run programs with the security privileges of another user, is getting a Rust-based replacement called sudo-rs.
The plan was to adopt sudo-rs as the default in Ubuntu 25.10 (Questing Quokka) with the goal of a full transition in the upcoming 26.04 LTS (Long-Term Support) release. Now, the company has announced that it has achieved the former with sudo-rs 0.2.8 now being the default sudo in the latest daily images.
According to Canonical, the upstream sudo-rs team worked to implement necessary features in time for the 25.10 Feature Freeze. This new release includes support for NOEXEC and AppArmor profile switching.
It also adds compatibility for older Linux kernels that are older than version 5.9. The team has also been cleaning things up, like a recent change that saw it remove documentation for the ignored and unimplemented "-I", "-q", and "-s" flags.
Canonical says it plans to make sudo-rs the only sudo provider in Ubuntu 26.10. To get there, sudo-rs will need to ship with its own /etc/sudoers config file and formally declare a conflict with the old sudo.ws package to prevent both from being on the system.
If you are already testing out the daily builds, there is a fallback for when something goes wrong. The team says the original sudo.ws (along with visudo.ws and sudoreplay.ws) remains available. You can switch back to the old version by running the following commands (if you really need to):
# For an interactive prompt
update-alternatives --config sudo
# For a script
update-alternatives --set sudo /usr/bin/sudo.ws
The new sudo-rs does not ship with "sudo insults," a feature that provides a snarky comment like "My pet ferret can type better than you!" when you enter the wrong password. If you miss that particular brand of humor, you can check out the pam-insults project. The good news is that it is a PAM module, so it works in just about anything that authenticates, including your login screen.
Speaking of Rust rewrites, engineers at Red Hat are also busy replacing Greenboot, a health check framework for atomically updated systems. This effort will see the old bash script get a complete rewrite in Rust for inclusion in Fedora 43.
Hope you enjoyed this news post. Feedback welcome.
Posted Wednesday 3 September 2025 at 3:51 am AEST (my time).
News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of August): 4,048
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.