Closed nekopsykose closed 2 years ago
update: reproduced on latest master, without the alpine patch, built with:
./configure \
--prefix=/usr \
--without-pam \
--with-timestamp
make
make install
ah, reading the manpage again:
The last matching rule determines the action taken. If no rule matches, the action is denied.
i guess it's not actually an error then, and this behaviour is intended. oh well..
example:
(placing the nopass root before the persist :wheel makes it not apply anymore, and root still needs a password to doas as others)
i noticed this a while ago, but i didn't realise it might be a bug until another user reported something similar on the alpine mailing list: https://lists.alpinelinux.org/~alpine/users/%3CYlzPobImpOvbm01m%40ws%3E
(version 6.8.2, from alpine edge, in my case. it does contain our doas.d patch, so maybe that breaks it, i did not check vanilla doas yet)