doas, su discussion

pfr · Dec 29, 2021

vazub
Well, I certainly don't need sudoedit for any of its sysadmin use cases. I personally use sudoedit over sudo vim because it preserves all of my plugins and customisations in my .vimrc, syntax highlighting being the main one.

This is why I was wanting to know if @rvp's sued script could mimic this functionality of copying the file to a user accessible directory for editing (with my tricked out vim config) and then move the file back into the system directory where it belongs.

vazub · Dec 29, 2021

pfr
The keepenv/setenv options in doas.conf should fix that need for you as well. Have a try: https://flak.tedunangst.com/post/doas-mastery

pfr · Dec 29, 2021

vazub
Excellent, I didn't know that. So would it look something like this:

permit setenv { EDITOR=vim } dave
OR
permit setenv { ENV=/home/dave/.vimrc } dave

OR, can I just set this for the wheel group with:

permit setenv { ENV=/home/dave/.vimrc } wheel ?

For keepenv however, would something like permit keepenv :wheel be sufficient?

Although, I read that "sometimes, there are situations where overwriting every environment variable can break things" so therefore keepenv may not be the best solution. Unless of course I could use it something like this:
permit keepenv dave cmd vim, which I assume would apply only to my user and the vim command respectively?

I will play around with this when I'm back at my machine (currently on my work laptop).

I may use this solution on my Void box as I still use doas there. On my NetBSD system however It would be handy if I could just continue to use the above sued scripts which simply utilises su and still preserve the user environment.

vazub · Dec 30, 2021

pfr

# echo 'permit nopass keepenv :wheel' >> /usr/pkg/etc/doas.conf

is typically all I need in terms of doas settings. It doesn't require password for users in wheel group and makes sure your environment is used. Yes, that means your .vimrc file will be used properly as intended - no need to play around setenv at all.

pfr · Dec 30, 2021

vazub Thanks!

I'm hesitant to allow nopass for the wheel... even though I am the only person who uses my machine. I suppose I feel like needing to enter a password will keep me from doing something I shouldn't (more time to think) haha

Rrvp · Dec 31, 2021

pfr I personally use sudoedit over sudo vim because it preserves all of my plugins and customisations in my .vimrc, syntax highlighting being the main one.

In that case this minimal version (which uses the -m flag of su) should be sufficient:

Minimal `sued.sh`

#!/bin/sh

set -eu
umask 077
rm -f /tmp/sued-helper.sh	# prevent any symlink shenanigans
echo 'exec /usr/bin/vi -S "$@"' > /tmp/sued-helper.sh
exec su -m root /tmp/sued-helper.sh "$@"

I"ve also updated the sudoedit work-alike script above.

pfr · Jan 3, 2022

rvp
That is awesome. Would you recomend using the sudoedit script oer the more minimal function?

Now I'm also wondering, rahter than put the suas function in a script in my PATH, should I just add it to .profile as well?
Will scripts be able to call suas this way?

Rrvp · Jan 3, 2022

pfr Would you recomend using the sudoedit script oer the more minimal function?

I recommend using the real thing

pfr Will scripts be able to call suas this way?

Shell functions won't do if you want run suas or sued from other scripts. I've just made the minimal sued into a script also for this reason.

pfr · Jan 4, 2022

rvp I recommend using the real thing

nahhhh, that little script is all I need. Thanks again!

However, I tried the longer version above (on Void Linux) and for some reason it doesn't like this line:

λ ~ ./sued.sh /usr/local/bin/ec                                                                                                                                                      
Password:
./sued.sh: 92: set: Illegal option -o pipefail

whether it has anything to do with linux or zsh I dont know but I'll test it on my Thonkpad later.

oui · Jan 4, 2022

pfr

pfr Thonkpad

This typo is beautiful.

Rrvp · Jan 4, 2022

pfr However, I tried the longer version above (on Void Linux) and for some reason it doesn't like this line

a) which wretched shell is this?
b) just remove that -o pipefail--the script doesn't do any piping now.

pin · Jan 4, 2022

rvp zsh

pfr · Jan 4, 2022

oui This typo is beautiful.

Actually its not a typo, I'm jut a funny guy

rvp a) which wretched shell is this?

zsh .... (returning to bash soon)

rvp b) just remove that -o pipefail--the script doesn't do any piping now.

Great, cheers.

The only downside I've found using onlu su so far is that there is no persist option and I am required to type my password every single time. Other than that, everything works as it should.

Rrvp · Jan 5, 2022

pfr zsh .... (returning to bash soon)

No, mate, not your interactive one. I meant the shell executed by the shebang. It can't be zsh 'cuz a shell which has the kitchen-sink, the baby and its bath-water is sure to have -o pipefail as well.

I would guess dash. Everything other modern shell (except in strict-POSIX mode) supports that option.

pin · Jan 5, 2022

rvp Sorry for jumping in again where I was not requested.
Yes, Void uses dash as the root shell.

Rrvp · Jan 5, 2022

pin Can you please move this little discussion to this thread where it belongs?

pin · Jan 5, 2022

rvp ~~Apparently I can't do that. I can select the messages to move but, I have no option to actually move them.~~

Sorry, done

pfr · Jan 5, 2022

rvp ahhh yes, I did not use my brain here.

pin Sorry for jumping in again where I was not requested.

You are always welcome to jump in, because you usually know whats going on in my system more than I do

pfr · Jan 6, 2022

rvp Minimal sued.sh

I've been using the earlier version you posted above
for a while anyway but will use this more minimal version for now.

Rrvp · Jan 7, 2022

pfr I've been using the earlier version you posted above

Ah, hell! I forgot to fix that version. Updated now.