Skip to content

Draft: main/doas: world readable doas.d, for testing/doasedit: new aport

Rosie Keith Languet requested to merge (removed):doasedit into master

I am currently packaging a doasedit, and it appears that the current permissions on /etc/doas.d/ (set by commit 169b082f) break the doas -C $doas.d $prog feature - or rather makes it a feature that can only be used by root.

This MR reverts 169b082f and updates the doas.post-* scripts to chmod existing configs.

This MR also contains the new doasedit, although this can be split off on it's own of course.

More detailed Background:

I've created an /etc/doas.d/doasedit.conf with contents:

permit :wheel cmd doasedit

But when I run $ doas -C /etc/doas.d doasedit I get the error:

doas: could not open config directory /etc/doas.d: Permission denied

Once I've ran # chmod o+rx /etc/doas.d the error is resolved.

At that point $ doas -C /etc/doas.d doasedit reports:

permit

Whereas $ doas -u guest doas -C /etc/doas.d doasedit reports:

deny

Edited by Rosie Keith Languet

Merge request reports