1. 29

  2. 5

    Also see (Linux, etc.):


    I love it just because it’s so much easier to configure than sudo.

    1. 2

      I wish there were a way to specify wildcards with args.

      1. 4

        I think it would make it easier to accidentally do really dangerous things. So maybe that’s why it doesn’t have such a way.

        1. 3

          You mean like that?

          % grep umount /usr/local/etc/doas.conf /usr/local/etc/sudoers
          /usr/local/etc/doas.conf:  permit nopass :network as root cmd umount
          /usr/local/etc/sudoers:%network ALL = NOPASSWD: /sbin/umount -f *

          When you specify the doas(1) rule as below:

          permit nopass :network as root cmd umount

          You are permitting to use umount(8) with all possible arguments (or without them).

          1. 1

            As a general rule, if you see * in a sudoers file, there’s probably a privilege escalation issue of some sort. Before the glob is matched, the program arguments are concatenated with spaces, this means that permitting “rm /foo/bar/baz/*” actually also permits “rm /foo/bar/baz/nonexistent /any/file/you/like” and there’s no way to fix it.

            doas allows you to either specify a program (for which any arguments are permitted) or a program and a (optionally empty) list of arguments which must be passed verbatim. It’s incredibly difficult to provide much more flexibility than this. You will need a configuration file syntax to distinguish between string literals, globs (or regular expressions), repeating arguments, etc and how they are split. Once your configuration file syntax is sufficiently complex, you now have to document it for end users. At this point I think you will likely have the same issue that sudoers has, you need a long manpage to explain the syntax which nobody reads and as a result nobody understands the intricacies of.

            I genuinely believe it’s less likely you will shoot yourself in the foot if you wrap whatever operation it is you need to perform with a simple python or similar (or sh/bash but only if you know what you’re doing) script which takes arguments and sanitizes them. You can refer to this script in your doas.conf.