On 2025-02-14, Paul Pace wrote:
> I do find OpenBSD to be a fantastic project that I otherwise enjoy
> using, I just wish this timeout length to be 15 minutes or managed a
> little differently, somehow.
doas is intentionally low on options. I would suggest installing sudo
if you want more flexi
On Fri, Feb 14, 2025 at 10:06 AM Paul Pace wrote:
>
> I know there are several posts regarding timeout, so I am aware this has
> been discussed, but I just want to provide some feedback.
>
> I am only an enthusiast, but I have switched from Ubuntu Server to
> OpenBSD for all of my web servers and
I wrote a guide:
https://wiki.ircnow.org/?n=Doas.Configure
--
jrmu
IRCNow (https://ircnow.org)
On Thu, Sep 05, 2024 at 01:59:49PM -0400, openbsd_fr...@mail2tor.com wrote:
> Gentlemen! How do I doas my regular user.
>
> How do I learn the syntax?
>
> Thanks.
>
man page online link: https://man.openbsd.org/doas
On Thu, Sep 5, 2024 at 12:29 PM Rob Schmersel wrote:
>
> On Thu, 5 Sep 2024 13:59:49 -0400
> openbsd_fr...@mail2tor.com wrote:
>
> > Gentlemen! How do I doas my regular user.
> >
> > How do I learn the syntax?
> >
> > Thanks.
> >
>
> read the man
On Thu, Sep 05, 2024 at 08:09:55PM +0200, Peter N. M. Hansteen wrote:
> On Thu, Sep 05, 2024 at 01:59:49PM -0400, openbsd_fr...@mail2tor.com wrote:
> > Gentlemen! How do I doas my regular user.
>
> Please do not assume all contributors here are male.
>
> doas needs a valid doas.conf. See man doa
On Thu, 5 Sep 2024 13:59:49 -0400
openbsd_fr...@mail2tor.com wrote:
> Gentlemen! How do I doas my regular user.
>
> How do I learn the syntax?
>
> Thanks.
>
read the man page?
On Thu, Sep 05, 2024 at 01:59:49PM -0400, openbsd_fr...@mail2tor.com wrote:
> Gentlemen! How do I doas my regular user.
Please do not assume all contributors here are male.
doas needs a valid doas.conf. See man doas and man doas.conf.
--
Peter N. M. Hansteen, member of the first RFC 1149 imple
Дана 24/07/30 05:32PM, Kirill A. Korinsky написа:
> I think this way is cleaner, isn't it?
>
> set -A complete_doas_1 -- $(echo $PATH | tr ':' '\n' | xargs ls)
Or, to limit the types of files to regular files or symlinks with
execute bit set and avoid parsing the output of ls[1]:
set -A complet
On Mon, 29 Jul 2024 17:32:06 +0200,
Florian Obser wrote:
>
> in .kshrc:
>
> set -A complete_doas_1 -- $(ls /sbin /usr/sbin /bin /usr/bin /usr/X11R6/bin \
> /usr/local/sbin /usr/local/bin)
>
I think this way is cleaner, isn't it?
set -A complete_doas_1 -- $(echo $PATH | tr ':' '\n' | xargs
On Mon, 29 Jul 2024 17:32:06 +0200,
Florian Obser wrote:
>
> again, in .kshrc:
>
> HOST_LIST=`awk '{print $1}' < ~/.ssh/known_hosts | cut -f 1 -d, \
> | egrep -v '^[[:digit:]]|^$|\:\:' | sort -u`
>
> set -A complete_ssh -- ${HOST_LIST}
> set -A complete_ping -- ${HOST_LIST}
> set -A complet
On July 30, 2024 8:03:45 AM GMT+02:00, Jason McIntyre
wrote:
>On Tue, Jul 30, 2024 at 12:42:04AM +0200, Alexander Hall wrote:
>> In this specific case, I believe
>>
>> $ alias doas='doas ' # Note the space
>>
>> might have done the trick as well, for ksh at least.
>is that correct? as far
On Tue, Jul 30, 2024 at 12:42:04AM +0200, Alexander Hall wrote:
> In this specific case, I believe
>
> $ alias doas='doas ' # Note the space
>
> might have done the trick as well, for ksh at least.
>
> /Alexander
>
is that correct? as far as i know, adding a space after an alias is used
to ge
In this specific case, I believe
$ alias doas='doas ' # Note the space
might have done the trick as well, for ksh at least.
/Alexander
On July 29, 2024 7:30:57 PM GMT+02:00, Robert Palm
wrote:
>Thanks a lot for sharing all this great solutions!
>
>Am 29. Juli 2024, 17:37, um 17:37, Stuart He
Thanks a lot for sharing all this great solutions!
Am 29. Juli 2024, 17:37, um 17:37, Stuart Henderson
schrieb:
>On 2024-07-29, Robert Palm wrote:
>>
>> Hi,
>>
>> wonder how I can get TAB completion in the shell when using doas ...
>>
>> Do I need to add something to .profile ?
>
>pkg_add dmenu
On 2024-07-29, Robert Palm wrote:
>
> Hi,
>
> wonder how I can get TAB completion in the shell when using doas ...
>
> Do I need to add something to .profile ?
pkg_add dmenu, then you can add this:
set -A complete_doas `dmenu_path`
(note it will not update automatically if a new program is inst
On 2024-07-29 12:05 +02, Jan Stary wrote:
> On Jul 29 11:44:32, develo...@robert-palm.de wrote:
>> complete -cf doas
>>
>> but I cannot figure out how to do this for ksh.
>>
in .kshrc:
set -A complete_doas_1 -- $(ls /sbin /usr/sbin /bin /usr/bin /usr/X11R6/bin \
/usr/local/sbin /usr/local/
Quoting Marcus MERIGHI :
Hello Robert,
develo...@robert-palm.de (Robert Palm), 2024.07.29 (Mon) 09:47 (CEST):
wonder how I can get TAB completion in the shell when using doas ...
Do I need to add something to .profile ?
as I understand your other messages in this thread you are looking for
Hello Robert,
develo...@robert-palm.de (Robert Palm), 2024.07.29 (Mon) 09:47 (CEST):
> wonder how I can get TAB completion in the shell when using doas ...
> Do I need to add something to .profile ?
as I understand your other messages in this thread you are looking for a
solution for ksh(1).
W
On Mon, 29 Jul 2024 09:47:39 +0200,
Robert Palm wrote:
>
> wonder how I can get TAB completion in the shell when using doas ...
>
> Do I need to add something to .profile ?
>
Depends on the shell you are using.
Assuming you are using BASH, you will probably get what you want by:
complete -
Zitat von Jan Stary :
On Jul 29 11:44:32, develo...@robert-palm.de wrote:
> On Jul 29 09:47:39, develo...@robert-palm.de wrote:
> > wonder how I can get TAB completion in the shell when using doas ...
echo $SHELL
Different shells do (or don't) this differently.
> tab completion is not spe
On Jul 29 11:44:32, develo...@robert-palm.de wrote:
> > On Jul 29 09:47:39, develo...@robert-palm.de wrote:
> > > wonder how I can get TAB completion in the shell when using doas ...
echo $SHELL
Different shells do (or don't) this differently.
> > tab completion is not specific to any command.
>
Zitat von Jan Stary :
On Jul 29 09:47:39, develo...@robert-palm.de wrote:
wonder how I can get TAB completion in the shell when using doas ...
tab completion is not specific to any command.
Hm, it does work, e.g. when I start typing
$sysu
it shows me the commands starting with "sysu"
B
On Jul 29 09:47:39, develo...@robert-palm.de wrote:
> wonder how I can get TAB completion in the shell when using doas ...
tab completion is not specific to any command.
On July 28, 2022 9:06:51 PM GMT+02:00, Chris Narkiewicz
wrote:
>On Thu, Jul 28, 2022 at 03:08:19PM +0200, Alexander Hall wrote:
>> Just leaving out the "args ..." from the config should accomplish that.
>
>It would allow the user to set any wscons parameters, which is not optimal.
>
>But eith
Maksim Rodin writes:
$ /sbin/wsconsctl display.brightness=50 wsconsctl: /dev/ttyC0:
Permission
denied
Did you forget to type "doas" before your command?
Gah, apparently so. :-/ i try to be thorough when i check these
things, but then i do something like this. Thank you.
Chris: There yo
> $ /sbin/wsconsctl display.brightness=50 wsconsctl: /dev/ttyC0: Permission
> denied
>
Did you forget to type "doas" before your command?
On Пт 29 июл 2022 15:38:37, Alexis wrote:
>
> Alexander Hall writes:
>
> > > There's a good chance i'm misunderstanding, but doesn't this run
> > > into
> >
Alexander Hall writes:
There's a good chance i'm misunderstanding, but doesn't this run
into
the same issue? Namely, that (as far as i'm aware) it's not
possible
to specify that a doas-permitted command be allowed to run with
arbitrary arguments (or range of arguments), rather than only
th
On July 28, 2022 5:09:54 AM GMT+02:00, Alexis wrote:
>
>Alexander Hall writes:
>
>> Better yet, the wrapper could be allowed with no argument restrictions
>> and just do
>>
>> wsconsctl "display.brightness=$1"
>>
>> or even (maybe; untested)
>>
>> wsconsctl "display.brightness${1%%[!+-]
Alexander Hall writes:
Better yet, the wrapper could be allowed with no argument
restrictions
and just do
wsconsctl "display.brightness=$1"
or even (maybe; untested)
wsconsctl "display.brightness${1%%[!+-]*}=${1#[+-]}"
for moar fanziness.
There's a good chance i'm misunderstanding,
On July 26, 2022 1:48:24 PM GMT+02:00, Alexis wrote:
>
>Chris Narkiewicz writes:
>
>> Is it possible to match command arguments against an expression in
>> doas.conf?
>>
>> I'd like to allow user to run wsconsctl display.brightness=<0-100> and
>> the only solution i found so far is to explici
Chris Narkiewicz writes:
Is it possible to match command arguments against an expression
in
doas.conf?
I'd like to allow user to run wsconsctl
display.brightness=<0-100> and
the only solution i found so far is to explicitly put all values
in
doas.conf.
Since no-one has yet offered any
Weird. I did nothing but it recovered. I’ll check it again when it’s hanging.
Thanks for you help.
Siegfried
siegfried.le...@gmail.com
> On Jun 22, 2022, at 15:27, Stuart Henderson wrote:
>
> On 2022-06-22, Siegfried Levin wrote:
>> My server has been running for weeks without an issue. It
On 2022-06-22, Siegfried Levin wrote:
> My server has been running for weeks without an issue. It is running OpenBSD
> 7.1. However, today I suddenly cannot use doas anymore. It always hang. Has
> anyone met this issue before?
How does the doas process look in top(1) when it's hanging?
--
Ple
i noticed the newbie-q earlier and am not sure the full-thread,
but the comment below is the "correct" answer for most cases:
ie - look in /etc/examples if the config-file-you-need isnt there yet...
the reason i am chiming in is because i wrote a "crude" script
that i will enclose below - because
You'll find plenty of examples in the directory "/etc/examples". It
also helps that many (all?) programs written for the OpenBSD project are
able to check the syntax of their own configuration files while printing
any errors to standard output, including doas.
Regards,
Jean-Pierre de Villiers
On Fri, Feb 19, 2021 at 03:53:38PM +0530, Sivan ! wrote:
> Didn't realize that it was a reply to you. Man pages are thorough and
> good for
> those who grew up in the unix/linux environment, but I am sorry, I
> have trouble deciphering the instructions for syntax. There aren't
> enough
> examples
Cool, thanks for reply. Next time i will check AnonCVS before.
Best Regards Simon
On Thu, Jan 21, 2021 at 08:41:45PM +0100, Martijn van Duren wrote:
> On Thu, 2021-01-21 at 19:56 +0100, Simon Parrer wrote:
> > Hello together,
> > maybe any one can say me if there are changes on doas?
> > I ask bec
On Thu, 2021-01-21 at 19:56 +0100, Simon Parrer wrote:
> Hello together,
> maybe any one can say me if there are changes on doas?
> I ask because my doas say Abort trap when i try to use it with sysupgrade or
> pkg_add -u.
> I do sysupgrade to OpenBSD 6.8-current (GENERIC.MP) #285: Wed Jan 20 17:3
Hi,
Hiltjo Posthuma wrote on Fri, Dec 20, 2019 at 12:40:14AM +0100:
> On Thu, Dec 19, 2019 at 02:03:19PM -0700, andrej wrote:
>> On the note of accurate documentation; how about adding the actually
>> defined timeout for persist rather than the "some time"?
> Sometimes there is a reason implemen
On Thu, Dec 19, 2019 at 02:03:19PM -0700, andrej wrote:
> Hi Ted,
>
> On the note of accurate documentation; how about adding the actually defined
> timeout for persist rather than the "some time"?
>
>
> Cheers,
> Andrej
>
>
>
> --
> Sent from: http://openbsd-archive.7691.n7.nabble.com/openbs
Hi Ted,
On the note of accurate documentation; how about adding the actually defined
timeout for persist rather than the "some time"?
Cheers,
Andrej
--
Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
On Mon, Jan 21, 2019 at 11:06:58AM +0100, Dariusz Sendkowski wrote:
> I applied this patch, as is, to the stable sources and it works now.
> Thanks.
>
>
I've tested this patch too on 6.4 on amd64 and it seems fixed now.
Thanks Ted for the patch :)
A quick little program to reproduce the issue
I applied this patch, as is, to the stable sources and it works now.
Thanks.
pon., 21 sty 2019 o 06:03 Ted Unangst napisał(a):
> Ted Unangst wrote:
> > Dariusz Sendkowski wrote:
> > > Yes, it does.
> > >
> > > I extracted 'unveilcommands' function from doas.c and put it into a
> > > standalone
Ted Unangst wrote:
> Dariusz Sendkowski wrote:
> > Yes, it does.
> >
> > I extracted 'unveilcommands' function from doas.c and put it into a
> > standalone program to run it.
> > It turned out the result was the same as in doas command. When I disable
> > unveil, then it works fine.
>
> This diff
Dariusz Sendkowski wrote:
> Yes, it does.
>
> I extracted 'unveilcommands' function from doas.c and put it into a
> standalone program to run it.
> It turned out the result was the same as in doas command. When I disable
> unveil, then it works fine.
This diff should fix the problem.
Index: ker
Yes, it does.
I extracted 'unveilcommands' function from doas.c and put it into a
standalone program to run it.
It turned out the result was the same as in doas command. When I disable
unveil, then it works fine.
niedz., 20 sty 2019 o 22:31 Ted Unangst napisał(a):
> Dariusz Sendkowski wrote
Dariusz Sendkowski wrote:
> I investigated the problem a little more and found, that when there is a
> non-existent directory entry in my PATH, the problem occurs. If all of the
> directories from my PATH exist, then it works fine.
To help isolate the problem, if you disable unveil, does it work?
I investigated the problem a little more and found, that when there is a
non-existent directory entry in my PATH, the problem occurs. If all of the
directories from my PATH exist, then it works fine.
niedz., 20 sty 2019 o 12:00 Dariusz Sendkowski
napisał(a):
> This is -stable 6.4.
> doas.conf:
This is -stable 6.4.
doas.conf:
permit nopass myuser as root
On Sun, 20 Jan 2019 at 11:50, Hiltjo Posthuma
wrote:
> On Sun, Jan 20, 2019 at 11:15:38AM +0100, Dariusz Sendkowski wrote:
> > Hi,
> >
> > Calling 'doas' in a loop makes the machine hang.
> > I guess this is not an expected behavior
On Sun, Jan 20, 2019 at 11:15:38AM +0100, Dariusz Sendkowski wrote:
> Hi,
>
> Calling 'doas' in a loop makes the machine hang.
> I guess this is not an expected behavior.
> It can be checked by executing the following simple bash script:
>
> for i in {0..2}
> do
> doas ls some_dir
> done
>
>
Known bug. Use full path until it's fixed.
On 23 April 2018 at 17:19, Philip Guenther wrote:
> On Mon, Apr 23, 2018 at 4:53 PM, Rudolf Sykora
> wrote:
>>
>> I expected that
>>
>> doas id -ru
>>
>> would return my uid.
>>
>> But it returns 0 (ie root)
>>
>> Can anybody comment on it?
>
>
> Hmm, what led you to expect it to return your UID?
On Mon, Apr 23, 2018 at 4:53 PM, Rudolf Sykora
wrote:
> I expected that
>
> doas id -ru
>
> would return my uid.
>
> But it returns 0 (ie root)
>
> Can anybody comment on it?
>
Hmm, what led you to expect it to return your UID?
doas, like su, sets both the effective and real UID to the target u
Hello Nam,
On Sun 13/08/2017 18:09, Nam Nguyen wrote:
If you are trying to avoid that message:
/home/just22/.exrc: not sourced: not owned by you
It could be that you are in that in your home directory and vi is trying
to read the local .exrc script on startup.
In vi(1):
exrc, ex [off]
Read
If you are trying to avoid that message:
> /home/just22/.exrc: not sourced: not owned by you
It could be that you are in that in your home directory and vi is trying
to read the local .exrc script on startup.
In vi(1):
> exrc, ex [off]
> Read the startup files in the local directory.
To turn off
What is the larger problem you are trying to solve?
Thanks,
--
Raul
On Sun, Aug 13, 2017 at 9:19 AM, Alessandro DE LAURENZIS
wrote:
> Dear misc@ readers,
>
> I was wondering what you normally do when running vi with doas if a .exrc
> file is present in the normal user $HOME.
>
> "doas /usr/bi
Understood (though in this case it looks unfinished when 99% of the
implementation is already present).
In any case you have answered my original question. Thanks, Ted.
On Tue, 14 Mar 2017 18:29:25 -0400
"Ted Unangst" wrote:
> bytevolc...@safe-mail.net wrote:
> > I'm not saying "you must do eve
bytevolc...@safe-mail.net wrote:
> I'm not saying "you must do everything my way or else", but rather I
> am trying to understand the reasoning behind making this hardcoded and
> fixed, as opposed to being admin-settable; maybe something is planned
> here I am unaware of?
We're trying to keep the
>From what I have read, it appears to be 15 minutes on some systems and
30 minutes on others, and this can be adjusted by the admin without
having to recompile the code.
I'm not saying "you must do everything my way or else", but rather I
am trying to understand the reasoning behind making this ha
bytevolc...@safe-mail.net wrote:
> On one box I test configuration edits and backups, I find myself using
> doas around once every 7-9 minutes, exceeding the 5 minute limit.
> Another box is basically a gateway, so I don't exceed 2 minutes between
> doas runs.
The timeout was originally 10 minutes
On one box I test configuration edits and backups, I find myself using
doas around once every 7-9 minutes, exceeding the 5 minute limit.
Another box is basically a gateway, so I don't exceed 2 minutes between
doas runs.
It would be nice to have the option of deviating from the default, and
the "pe
I'll ask the question: Why are you sure you need that?
> Are there plans (or perhaps code already being worked on) to allow
> doas(1) 'persist' to have a different time other than 5 minutes? I am
> thinking of writing a patch for this, but I do not want to duplicate
> effort if the devs have other
On 2016-12-15, Ax0n wrote:
> I don't know how doas is keeping track of a session.
It's using a kernel "verified auth" feature. See tty(4) :
TIOCCHKVERAUTH void
Check the verified auth status of this session. The calling
process must have the same real user ID an
On 15 December 2016 at 10:42, trondd wrote:
> On Thu, December 15, 2016 12:28 pm, Ax0n wrote:
>> I don't know how doas is keeping track of a session. If it's by
>> interactive
>> tty session only, that could cause problems with non-interactive scripts.
>> I'll let someone closer to the code answer
On Thu, December 15, 2016 12:28 pm, Ax0n wrote:
> I don't know how doas is keeping track of a session. If it's by
> interactive
> tty session only, that could cause problems with non-interactive scripts.
> I'll let someone closer to the code answer that question.
>
It's tied to the shell.
http://
I don't know how doas is keeping track of a session. If it's by interactive
tty session only, that could cause problems with non-interactive scripts.
I'll let someone closer to the code answer that question.
On Thu, Dec 15, 2016 at 11:25 AM, jungle Boogie
wrote:
> On 15 December 2016 at 09:21, A
On 15 December 2016 at 09:21, Ax0n wrote:
> In -CURRENT, doas.conf has a "persist" keyword that will only prompt once
> per session. This isn't available in OpenBSD 6.0, but should work when 6.1
> is released. Here's a fairly minimal rule that would allow wheel group users
> to do whatever they wa
For now, you may want to use the "nopass" keyword and set up
highly-restrictive rules. The last matching rule determines the action
taken, so you can have more general rules up top, and more specific ones
that don't require a password toward the end. For example, my wireless
network manager script
On Fri, 19 Feb 2016 13:45:28 -0700, "Todd C. Miller" wrote:
> On Wed, 13 Jan 2016 11:17:55 -0500, Philippe Meunier wrote:
>
> > By the way, while playing with which(1) and doas(1) and $PATH, I
> > managed to get which(1) to core dump, twice, although I have not been
> > able to reproduce it relia
On Wed, 13 Jan 2016 11:17:55 -0500, Philippe Meunier wrote:
> By the way, while playing with which(1) and doas(1) and $PATH, I
> managed to get which(1) to core dump, twice, although I have not been
> able to reproduce it reliably.
The crash in which was fixed recently.
- todd
Philippe Meunier wrote:
> The same thing happens if I first move foo to / and add / at the
> beginning of $PATH, so it's not a permission problem with
> /home/meunier/bin, and foo itself has permissions 777.
> If I first move foo to /bin then doas(1) finds foo without problem.
5.8 was a little too
I do not see keepenv in your doas.conf
--
Raul
On Wed, Jan 13, 2016 at 11:17 AM, Philippe Meunier wrote:
> Hello,
>
> Could someone be kind enough to explain to me the cause of the
> following?
>
> $ cat /home/meunier/bin/foo
> #!/bin/ksh
> echo "it works!"
> $ /usr/bin/which foo
> /home/meuni
pachl wrote:
> Other than compatibility with `sudo -s`, what are the benefits of
> `doas -s`?
According to the CVS log:
"Add doas -s as a shorthand for doas $SHELL. ok tedu" (by nicm)
ref:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/doas.c?rev=1.8&cont
ent-type=text/x-cvsweb-markup
On Fri, 25 Sep 2015 02:09:40 +0900 Joel Rees wrote:
> At any rate, I have convinced myself that doas follows the manual page
> in preserving the calling user's key environment variables, including
> HOME and USER.
>
> I had not grasped that this was considered desired behavior, so did
> not initi
At any rate, I have convinced myself that doas follows the manual page
in preserving the calling user's key environment variables, including
HOME and USER.
I had not grasped that this was considered desired behavior, so did
not initially read it that way. I still think the man page is a little
con
Ahem. Dmesg below. (Sorry about that.)
On Wed, Sep 23, 2015 at 8:29 AM, Joel Rees wrote:
> Thank you, Dan, Ben, and Frank. I see that I have left out some
> important information:
>
> user2 is specified as a non-login class of user in /etc/login.conf,
> auth=reject: shell=/sbin/nologin, and has a
Thank you, Dan, Ben, and Frank. I see that I have left out some
important information:
user2 is specified as a non-login class of user in /etc/login.conf,
auth=reject: shell=/sbin/nologin, and has a default shell of
/sbin/nologin in /etc/passwd .
On Tue, Sep 22, 2015 at 5:41 PM, Joel Rees wrote:
On Tue, 22 Sep 2015 17:41:57 +0900
Joel Rees wrote:
> I have this rule in doas.conf:
>
> permit nopass user1 as user2
>
> As user1, I try this at the command line:
>
> doas -u user2 whoami
>
> and it tells me I am user2, as I expect. And
>
>doas -u user2 ls
>
> tells me I don't
On Tue, 22 Sep 2015 17:41:57 +0900 Joel Rees wrote:
> I have this rule in doas.conf:
>
> permit nopass user1 as user2
>
> As user1, I try this at the command line:
>
> doas -u user2 whoami
>
> and it tells me I am user2, as I expect. And
>
>doas -u user2 ls
>
> tells me I don't h
On 20 September 2015 at 14:51, Theo Buehler wrote:
> On Sat, Sep 19, 2015 at 02:19:19PM +0100, Toby Slight wrote:
> > I'm trying to let my user shutdown, reboot and suspend the computer
> without
> > entering a password. This is my doas.conf:
> >
> > permit keepenv { ENV PS1 SSH_AUTH_SOCK } :whee
On Sat, Sep 19, 2015 at 02:19:19PM +0100, Toby Slight wrote:
> I'm trying to let my user shutdown, reboot and suspend the computer without
> entering a password. This is my doas.conf:
>
> permit keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
> permit nopass toby as root cmd /sbin/shutdown
> permit nopas
On Sat, 19 Sep 2015 10:50:31 -0400
"Ted Unangst" wrote:
> Toby Slight wrote:
> > Hi there,
> >
> > I just started getting to know doas a bit, and am already stumped
> > (pretty typical for me..).
> >
> > I'm trying to let my user shutdown, reboot and suspend the computer
> > without entering a
Toby Slight wrote:
> Hi there,
>
> I just started getting to know doas a bit, and am already stumped (pretty
> typical for me..).
>
> I'm trying to let my user shutdown, reboot and suspend the computer without
> entering a password. This is my doas.conf:
>
> permit keepenv { ENV PS1 SSH_AUTH_SOC
tedu wrote:
> If you'd like to try current, it should work better for you.
Confirmed working as expected; thanks for the assistance.
Hopefully someone else will benefit from this change as well.
--avj
Adam Jeanguenat wrote:
> tedu wrote:
> > doas allows PATH to be inherited, but resets it for itself to a
> > limited set. this was so that e.g., "permit :wheel cmd ls" can't
> > be tricked by creating a symlink ls -> /bin/sh. however, if there
> > are no restrictions on the command, then the restri
tedu wrote:
> doas allows PATH to be inherited, but resets it for itself to a
> limited set. this was so that e.g., "permit :wheel cmd ls" can't
> be tricked by creating a symlink ls -> /bin/sh. however, if there
> are no restrictions on the command, then the restriction probably
> doesn't need to
Adam Jeanguenat wrote:
> I'm not sure where I'm going wrong here, but I've been giving doas(1)
> a whirl and ran into something that's left be a bit puzzled.
>
> I have some scripts in ~/bin, and my user account has PATH set
> as desired. I can run things out of that dir as expected without
> invo
2015-07-28 12:34 GMT+03:00 Zé Loff :
> Hi all
>
> On yesterday's amd64 -current (#1201), if PATH is added to the keepenv
> list in doas.conf, e.g.
>
> permit keepenv { ENV PATH PKG_PATH PS1 SSH_AUTH_SOCK } :wheel as root
>
> when attempting to run an inexistent command, doas segfaults instead of
88 matches
Mail list logo
