On Fri, Dec 17, 2021 at 12:20:43PM -0800, David Newman wrote:
> How to configure /etc/doas.conf so a non-root user gets root's PATH?
This works for me:
unicorn:~$ PATH=/usr/local/bin:/usr/bin:/bin
unicorn:~$ cat /etc/doas.conf
permit setenv {
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } greg
unicorn:~$ doas env | grep PATH
doas (greg@unicorn) password:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> permit nopass setenv {
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } dnewman
> as root
> permit nopass keepenv root as root
>
> permit nopass setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } dnewman as root
> permit nopass keepenv root as root
You've got two contradictory lines for "dnewman as root", with the latter
having a setenv clause without PATH in it. I would imagine the latter
wins out (because it occurs last), and therefore your PATH variable doesn't
get set.
I don't know how repeated "dnewman as root" lines would be handled if only
one of them had a setenv clause. You could experiment and find out. It
would be easier just to get rid of the second line.
