Closed nyxnor closed 2 years ago
sudo for torrc, because it is owned by root, will become doas cmd.
sudo -u "${TOR_USER}" for "${DATA_DIR}" will become doas -u "${TOR_USER}"
It seems an easy change but need to test to be sure.
In /etc/doas.conf:
permit nopass keepenv :wheel
permit $my_username
I obviously need to harden this, but it is up to the user to have their doas.conf and sudoers.conf already pre-configured. It is not possible to automate that because it needs root access and hopefully a password.
Doas is not working with usermod.
$ cat /etc/doas.conf
permit nopass keepenv root
$ doas -C /etc/doas.conf usermod
permit nopass
$ doas usermod
doas: usermod: command not found
$ cat /etc/sudoers
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command
$ sudo usermod
Usage: usermod [options] LOGIN
Options:
-b, --badnames allow bad names
-c, --comment COMMENT new value of the GECOS field
[ rest of output omitted to be thin ]
I have to explicitly specify usermod or any program in the /usr/sbin folder; this has to be fixed somehow with a better config than this:
permit keepenv setenv { PATH } root as root
permit keepenv setenv { PATH } nyxnor as root
permit nyxnor as root cmd usermod
Nginx and Apache are installed to /usr/sbin; on Debian this means they are not detected correctly.
I need to find out if this is an error on Debian or in my doas.conf, so I am spawning an OpenBSD machine soon.
With permit persist nyxnor on OpenBSD, doas usermod works; this shows that the doas problem is on Debian, not doas per se.
The problem is on Debian; it is working fine with persistence on OpenBSD.
Is your feature request related to a problem? Please describe.
Sudo works but it is not hardened, I want the best. BSDs prefer doas, so should I.
Describe the solution you'd like
Additional context
At the moment, there are many occurrences.
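One way a script can avoid the `doas: usermod: command not found` failure shown in this thread, as an added example that is not part of the original issue or the project's code. It assumes the failure comes from the unprivileged caller's PATH lacking the sbin directories; `resolve_cmd`, `as_root` and `TRUSTED_DIRS` are hypothetical names.

```shell
#!/bin/sh
# Added example, not the project's code. Assumption: "command not found" comes
# from the unprivileged caller's PATH lacking the sbin directories.

# Trusted search list (constructed; adjust per system). It is space-separated
# and fixed, so it never inherits entries from the caller's PATH.
TRUSTED_DIRS="${TRUSTED_DIRS:-/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin}"

# resolve_cmd NAME
# Prints the absolute path of NAME found in TRUSTED_DIRS.
# Returns 2 for an unsafe name, 1 when nothing executable is found.
resolve_cmd() {
    case "$1" in
        ""|-*|*/*) return 2 ;;   # empty, option-like, or already a path
    esac
    for dir in $TRUSTED_DIRS; do
        # Only regular files with an execute bit count as a match.
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    return 1
}

# as_root NAME [ARGS...]
# Hypothetical wrapper: resolves NAME first, then hands doas an absolute path,
# so the lookup no longer depends on the calling user's PATH.
as_root() {
    path="$(resolve_cmd "$1")" || {
        printf 'as_root: %s: not found in trusted directories\n' "$1" >&2
        return 127
    }
    shift
    doas "$path" "$@"
}
```

With an absolute path in hand, the matching doas.conf rule can also name the command by its absolute path instead of relying on `keepenv` or `setenv { PATH }`.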