Closed Tunoac closed 2 years ago
There is no equivalent, I don't really want to add features not present in the upstream doas.
I don't see why setting the file to be readable is not "secure", you want your users to be able to see what commands they are allowed to be used, so there is no benefit to disallowing the users to read the configuration file.
In case of shell scripts using sudo/doas: sudo -l prints the allowed commands for the current user, to check if the script has all dependencies for running.
What is the equivalent in doas ? "doas -C /etc/doas.conf command" seems a start, and then check for "permit" and "nopass" in the output. But this works only if the doas config file is readable by the user - which is not the case at secure 0400 permissions...
not nice workarounds: