That's it, thanks Tim. For the record I've got `permit nopass www as root cmd /sbin/pfctl' in doas.conf and the script calls `printf "`doas /sbin/pfctl -sr`"'.
Seems to work.

On Fri, Mar 25, 2016, at 12:31, Tim van der Molen wrote:
> Byron Klippert (2016-03-25 18:37 +0100):
> > CGI script:
> > #!/bin/ksh
> > printf "Content-type: text/html\n\n"
> > printf "Hello!\n"
> > printf "\n"
> > printf "`doas pfctl -sr`"
> >          ^^^^
> >
> > doas.conf:
> > permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
> > permit nopass www as root cmd /sbin/pfctl
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > httpd debug output:
> > doas:
> > Operation not permitted
>
> You have "/sbin/pfctl" in doas.conf, so you should do "doas /sbin/pfctl"
> rather than "doas pfctl".

--
Byron Klippert
byronklipp...@ml1.net
c. 867-336-1306
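
Added example, not part of the thread: a small Python lint that applies Tim's point by flagging `doas` calls in a script whose command string does not exactly equal a `cmd` entry for the calling user (exact string comparison is an assumption drawn from his reply). The inputs are constructed from the messages above, the function names are hypothetical, and group identities, deny rules and doas options such as `-u` are not handled.

```python
import os
import re

# Constructed inputs modelled on the thread; not read from a real system.
DOAS_CONF = """\
permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
permit nopass www as root cmd /sbin/pfctl
"""
CGI_BEFORE = 'printf "`doas pfctl -sr`"\n'
CGI_AFTER = 'printf "`doas /sbin/pfctl -sr`"\n'

OPTIONS = {"nopass", "nolog", "persist", "keepenv", "setenv"}

def parse_permit_rules(conf):
    """Return (identity, cmd) for each permit rule; cmd is None if unrestricted."""
    rules = []
    for line in conf.splitlines():
        # Drop comments and the { ... } environment lists before tokenising.
        line = re.sub(r"\{[^}]*\}", " ", line.split("#", 1)[0])
        tokens = line.split()
        if not tokens or tokens[0] != "permit":
            continue  # simplification: deny rules and rule ordering are ignored
        rest = [t for t in tokens[1:] if t not in OPTIONS]
        if not rest:
            continue
        cmd = rest[rest.index("cmd") + 1] if "cmd" in rest[:-1] else None
        rules.append((rest[0], cmd))
    return rules

def doas_commands(script):
    """Commands passed to doas in a script (assumes doas is called without options)."""
    return re.findall(r"\bdoas\s+([^\s`\"';|&)]+)", script)

def lint(conf, script, user):
    """Return (invoked, suggested) pairs for calls that no rule for `user` matches."""
    rules = [cmd for ident, cmd in parse_permit_rules(conf) if ident == user]
    problems = []
    for invoked in doas_commands(script):
        if any(cmd is None or cmd == invoked for cmd in rules):
            continue  # exact string match, so "pfctl" != "/sbin/pfctl"
        base = os.path.basename(invoked)
        hint = next((c for c in rules if c and os.path.basename(c) == base), None)
        problems.append((invoked, hint))
    return problems

if __name__ == "__main__":
    for name, script in (("before", CGI_BEFORE), ("after", CGI_AFTER)):
        print(name, lint(DOAS_CONF, script, "www"))
```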