nyxnor / onionjuggler

Manage your Onion Services via CLI or TUI on Unix-like operating systems with a POSIX compliant shell.
MIT License

[FEATURE REQUEST] - doas, lightweight alternative to sudo #15

Closed nyxnor closed 2 years ago

nyxnor commented 2 years ago

Is your feature request related to a problem? Please describe.

Sudo works but it is not hardened, I want the best. BSDs prefer doas, so should I.

Describe the solution you'd like

Additional context

At the moment, there are many occurrences.

$ grep -c sudo onionservice-cli
122
$ grep -c sudo onionservice-tui
19

nyxnor commented 2 years ago

sudo for torrc, because it is owned by root, will become doas cmd. sudo -u "${TOR_USER}" for "${DATA_DIR}" will become doas -u "${TOR_USER}".

It seems an easy change, but I need to test to be sure.

nyxnor commented 2 years ago

In /etc/doas.conf:

permit nopass keepenv :wheel
permit $my_username

I obviously need to harden this, but it is up to the user to have their doas.conf and sudoers.conf already pre-configured. It is not possible to automate that because it needs root access and hopefully a password.

nyxnor commented 2 years ago

Doas is not working with usermod.

$ cat /etc/doas.conf 
permit nopass keepenv root
$ doas -C /etc/doas.conf usermod
permit nopass
$ doas usermod
doas: usermod: command not found
$ cat /etc/sudoers
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command
$ sudo usermod
Usage: usermod [options] LOGIN

Options:
  -b, --badnames                allow bad names
  -c, --comment COMMENT         new value of the GECOS field
  [ rest of output omitted to be thin ]

nyxnor commented 2 years ago

I have to explicitly specify usermod or any program in the /usr/sbin folder; this has to be fixed somehow with a better config than this:

permit keepenv setenv { PATH } root as root
permit keepenv setenv { PATH } nyxnor as root
permit nyxnor as root cmd usermod

nyxnor commented 2 years ago

Nginx and Apache are installed to /usr/sbin on Debian; this means they are not detected correctly. I need to find out if this is an error on Debian or my doas.conf, so spawning an OpenBSD machine soon.

nyxnor commented 2 years ago

With permit persist nyxnor on OpenBSD, doas usermod works; this shows that the doas problem is on Debian, not doas per se.

nyxnor commented 2 years ago

The problem is on Debian; it is working fine with persistence on OpenBSD.
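
The sudo-to-doas swap and the /usr/sbin lookup failure discussed in this thread, as an added example that is not part of the issue or of onionjuggler's code: a POSIX sh wrapper that resolves the command to an absolute path, also searching the sbin directories, before handing it to doas or sudo. The names SU_CMD, SBIN_DIRS, resolve_cmd, pick_su_cmd and run_as are hypothetical, and it assumes the failure comes from the calling user's PATH lacking /usr/sbin.

```shell
#!/bin/sh
# Added example, not onionjuggler code. SU_CMD, SBIN_DIRS, resolve_cmd,
# pick_su_cmd and run_as are hypothetical names.

# Searched after PATH. Assumption: the unprivileged user's PATH lacks these.
SBIN_DIRS="${SBIN_DIRS:-/usr/local/sbin:/usr/sbin:/sbin}"

# Print the absolute path of command $1, or return non-zero.
resolve_cmd() {
  case "${1}" in
    "") return 1 ;;
    */*) [ -f "${1}" ] && [ -x "${1}" ] && printf '%s\n' "${1}"; return ;;
  esac
  _search="${PATH}:${SBIN_DIRS}" _found=""
  _old_ifs="${IFS}"; IFS=":"
  for _dir in ${_search}; do
    # Skip empty and relative entries: they would resolve against the cwd.
    case "${_dir}" in /*) ;; *) continue ;; esac
    if [ -f "${_dir}/${1}" ] && [ -x "${_dir}/${1}" ]; then
      _found="${_dir}/${1}"; break
    fi
  done
  IFS="${_old_ifs}"
  [ -n "${_found}" ] && printf '%s\n' "${_found}"
}

# Print the elevation tool: $SU_CMD if set, otherwise doas, then sudo.
pick_su_cmd() {
  for _tool in ${SU_CMD:-doas sudo}; do
    if command -v "${_tool}" >/dev/null 2>&1; then
      printf '%s\n' "${_tool}"; return 0
    fi
  done
  return 1
}

# run_as USER COMMAND [ARGS...]: the -u form is the same for doas and sudo.
run_as() {
  [ "$#" -ge 2 ] || { echo "usage: run_as USER COMMAND [ARGS...]" >&2; return 2; }
  _user="${1}"
  _abs="$(resolve_cmd "${2}")" || {
    echo "run_as: ${2}: not found in PATH or ${SBIN_DIRS}" >&2; return 127; }
  _tool="$(pick_su_cmd)" || { echo "run_as: no doas or sudo found" >&2; return 127; }
  shift 2
  "${_tool}" -u "${_user}" "${_abs}" "$@"
}

# Usage: run_as root usermod --help
```

A doas.conf rule restricted with cmd then has to name the same absolute path; doas.conf(5) recommends absolute paths there.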