Byron Klippert (2016-03-25 18:37 +0100):
> CGI script:
> #!/bin/ksh
> printf "Content-type: text/html\n\n"
> printf "Hello!\n"
> printf "\n"
> printf "`doas pfctl -sr`"
> ^^^^
>
> doas.conf:
> permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
> permit nopass www as root cmd /sbin/pfctl
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> httpd debug output:
> doas:
> Operation not permittedYou have "/sbin/pfctl" in doas.conf, so you should do "doas /sbin/pfctl" rather than "doas pfctl".
