On Wed, Feb 03, 2021 at 09:23:48PM +0000, James Cook wrote:
> On Wed, Feb 03, 2021 at 07:24:08PM +0000, Stuart Henderson wrote:
> > On 2021/02/03 17:39, James Cook wrote:
> > > Hi ports@,
> > >
> > > Summary: I suggest the section at
> > > https://www.openbsd.org/faq/ports/ports.html#PortsConfig
> > > should include some additional text like the following:
> > >
> > > You will need to configure doas to pass the TRUSTED_PKG_PATH variable
> > > when running /usr/sbin/pkg_add. Adding the "nopass" option for
> > > certain commands can help reduce the number of times a password needs
> > > to be entered. For example, add the following to doas.conf(5),
> > > replacing "myuser" with your username:
> > >
> > > permit nopass myuser cmd /usr/bin/touch
> > > permit nopass setenv { TRUSTED_PKG_PATH TERM } myuser cmd /usr/sbin/pkg_add
> > > permit nopass setenv { TERM } myuser cmd /usr/sbin/pkg_delete
> >
> > Let's not go down the 'try to evaluate every variable' path again,
> > keepenv is the way to go, we have spent much time figuring out weird
> > bugs from missing variables in the past when we have tried to
> > evaluate them.
> >
> > If you are going to allow pkg_add with "nopass" you might just as well
> > write "permit nopass myuser". An account which can run pkg_add as root
> > has full control of the system.
>
> I don't have strong opinions about that. My point is just that the
> current documentation left me with a setup that didn't work.
>
> How about recommending keepenv instead, if that's better?

I think sthen@ may have been a little too subtle about what a giant footgun your proposal is. "permit nopass myuser" is equivalent to myuser being root and you might as well run everything as root then and toss out all security considerations that come from logging in as a non-root user. This has no place in the FAQ in my opinion.

>
> --
> James
>
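
An added example, not part of the thread and not OpenBSD's own tooling: a small sh/awk check that reads doas.conf rules and flags the case the replies warn about, a `nopass` rule that either has no `cmd` restriction or names a command treated as root-equivalent. The `ROOT_EQUIV` list, the function names and the sample rules are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: flag doas.conf rules that grant passwordless root-equivalent access.
# ROOT_EQUIV is an assumption: the thread names pkg_add; extend it for your site.
ROOT_EQUIV="/usr/sbin/pkg_add"

# audit_doas [FILE] prints LINE:IDENTITY:REASON per risky rule (stdin if no FILE).
# Backslash line continuations are not handled in this sketch.
audit_doas() {
    awk -v equiv=" $ROOT_EQUIV " '
    /^[ \t]*(#|$)/ { next }              # comments and blank lines
    $1 != "permit" { next }              # deny rules grant nothing
    {
        nopass = 0; target = ""; cmd = ""; i = 2
        while (i <= NF) {                # options precede the identity
            if ($i == "nopass") { nopass = 1; i++ }
            else if ($i == "nolog" || $i == "persist" || $i == "keepenv") i++
            else if ($i == "setenv") {   # skip the braced variable list
                i++
                while (i <= NF && substr($i, length($i)) != "}") i++
                i++
            } else break
        }
        ident = $i; i++
        if ($i == "as")  { target = $(i + 1); i += 2 }   # default: any target
        if ($i == "cmd") cmd = $(i + 1)                  # default: any command
        if (!nopass || (target != "" && target != "root")) next
        if (cmd == "")
            print NR ":" ident ":all-commands"
        else if (index(equiv, " " cmd " "))
            print NR ":" ident ":root-equivalent-cmd"
    }' "${1:--}"
}

# Constructed sample rules, including the three proposed in the thread.
sample_conf() {
    cat <<'EOF'
# constructed sample
permit persist keepenv :wheel
permit nopass myuser cmd /usr/bin/touch
permit nopass setenv { TRUSTED_PKG_PATH TERM } myuser cmd /usr/sbin/pkg_add
permit nopass setenv { TERM } myuser cmd /usr/sbin/pkg_delete
permit nopass myuser
permit nopass myuser as _pbuild cmd /usr/sbin/pkg_add
EOF
}

sample_conf | audit_doas
```

On the sample, the pkg_add rule and the bare `permit nopass myuser` rule are reported; the rule that keeps the password prompt and the one targeting a non-root user are not.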