2015-07-30 13:26 GMT+03:00 Theo Buehler <t...@math.ethz.ch>: > This is a follow-up to a recent discussion on misc@: > https://marc.info/?t=143800094500002&r=1&w=2 > > I suggest two small changes to the example in doas.conf(5): > > a. make it explicit that the rule allows the users in group wheel to > run commands as any user (not just root). > > b. modify the rule to restrict tedu's use of procmap to root only in > order to match the description of the rule's purpose. > > Index: usr.bin/doas/doas.conf.5 > =================================================================== > RCS file: /cvs/src/usr.bin/doas/doas.conf.5,v > retrieving revision 1.13 > diff -u -p -r1.13 doas.conf.5 > --- usr.bin/doas/doas.conf.5 27 Jul 2015 21:44:11 -0000 1.13 > +++ usr.bin/doas/doas.conf.5 30 Jul 2015 10:14:49 -0000 > @@ -105,7 +105,7 @@ it isn't considered a keyword. > .El > .Sh EXAMPLES > The following example permits users in group wsrc to build ports, > -wheel to execute commands as root while keeping the environment > +wheel to execute commands as any user while keeping the environment > variables > .Ev ENV , > .Ev PS1 , > @@ -122,7 +122,7 @@ permit nopass keepenv { \e > PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \e > SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc > permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel > -permit nopass tedu cmd /usr/sbin/procmap > +permit nopass tedu as root cmd /usr/sbin/procmap > .Ed > .Sh SEE ALSO > .Xr doas 1
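Review bot: in the @@ -105,7 hunk, the new wording "wheel to execute commands as any user" is accurate but does not say what makes it so. The `:wheel` rule in the example carries no `as` clause, and that omission is what extends the grant to every target user. Because the same rule is also `nopass`, the sentence could say this directly, for instance by noting that the rule names no `as` target, so that readers copying the example understand that adding `as root` is how they would narrow it.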
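Review bot: in the @@ -122,7 hunk, `permit nopass tedu as root cmd /usr/sbin/procmap` narrows only what this one rule grants. If tedu is also a member of wheel, the preceding `permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel` line still matches a procmap request for any other target user, so the example as a whole does not confine tedu to root. The sentence describing this rule lies outside the visible context. It is worth checking that it presents the rule as an additional grant and not as a restriction, or stating that tedu is assumed not to be in wheel.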
Committed, thanks! -- WBR, Vadim Zhukov