Did you try this?
permit keepenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } "as"
permit "as" as root cmd /sbin/halt
On Thu, Jan 28, 2016 at 03:55:12PM +0100, bian wrote:
> doas(1) throws a syntax error on what should be a valid doas.conf. There are
> two users on this system -- as and aas. The examples below shows two valid
> doas.conf with the respective output after running the command as the logged
> in user.
>
> The documentation doesn't indicate how to get around the problem of using
> doas for a user name 'as'.
>
> Best regards
> /birger
>
>
> --- /etc/doas.conf 1 ---
>
> permit keepenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } as
>
> permit as as root cmd /sbin/halt
>
> ...
>
> $ doas halt
> syntax error at line 1
> syntax error at line 3
> $
>
>
> --- /etc/doas.conf 2 ---
>
> permit keepenv { PKG_PATH ENV PS1 SSH_AUTH_SOCK } aas
>
> permit aas as root cmd /sbin/halt
>
> ...
>
> $ doas halt
> doas ([email protected]) password:
>
>
> ::::::::::
>
> OpenBSD 5.9-beta (GENERIC.MP) #1863: Sun Jan 24 21:35:42 MST 2016
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 4139388928 (3947MB)
> avail mem = 4009746432 (3823MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe9f80 (88 entries)
> bios0: vendor Hewlett-Packard version "786G1 v01.16" date 03/05/2009
> bios0: Hewlett-Packard HP Compaq dc7900 Convertible Minitower
> acpi0 at bios0: rev 0
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC ASF! MCFG TCPA SLIC HPET DMAR
> acpi0: wakeup devices COM1(S4) COM2(S4) PCI0(S4) PEG1(S4) PEG2(S4) IGBE(S4)
> PCX1(S4) PCX2(S4) PCX5(S4) PCX6(S4) HUB_(S4) USB1(S3) USB2(S3) USB3(S3)
> USB4(S3) USB5(S3) [...]
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz, 3159.13 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR
> cpu0: 6MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 7 var ranges, 88 fixed ranges
> cpu0: apic clock running at 332MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz, 3158.76 MHz
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR
> cpu1: 6MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 1, package 0
> ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 24 pins
> ioapic0: misconfigured as apic 0, remapped to apid 1
> acpimcfg0 at acpi0 addr 0xf4000000, bus 0-63
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (PEG1)
> acpiprt2 at acpi0: bus -1 (PEG2)
> acpiprt3 at acpi0: bus 32 (PCX1)
> acpiprt4 at acpi0: bus -1 (PCX2)
> acpiprt5 at acpi0: bus 48 (PCX5)
> acpiprt6 at acpi0: bus -1 (PCX6)
> acpiprt7 at acpi0: bus 7 (HUB_)
> acpicpu0 at acpi0: !C2(500@17 mwait.3@0x10), C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: !C2(500@17 mwait.3@0x10), C1(1000@1 mwait.1), PSS
> acpibtn0 at acpi0: PBTN
> cpu0: Enhanced SpeedStep 3159 MHz: speeds: 3166, 1998 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel Q45 Host" rev 0x03
> ppb0 at pci0 dev 1 function 0 "Intel Q45 PCIE" rev 0x03: msi
> pci1 at ppb0 bus 1
> radeondrm0 at pci1 dev 0 function 0 "ATI Radeon HD 2600 XT" rev 0x00
> drm0 at radeondrm0
> radeondrm0: msi
> "Intel Q45 HECI" rev 0x03 at pci0 dev 3 function 0 not configured
> pciide0 at pci0 dev 3 function 2 "Intel Q45 PT IDER" rev 0x03: DMA
> (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
> pciide0: using apic 1 int 18 for native-PCI interrupt
> pciide0: channel 0 ignored (not responding; disabled or no drives?)
> pciide0: channel 1 ignored (not responding; disabled or no drives?)
> puc0 at pci0 dev 3 function 3 "Intel Q45 KT" rev 0x03: ports: 1 com
> com4 at puc0 port 0 apic 1 int 17: ns16550a, 16 byte fifo
> com4: probed fifo depth: 15 bytes
> em0 at pci0 dev 25 function 0 "Intel ICH10 D BM LM" rev 0x02: msi, address
> 00:24:81:1f:f4:91
> uhci0 at pci0 dev 26 function 0 "Intel 82801JD USB" rev 0x02: apic 1 int 20
> uhci1 at pci0 dev 26 function 1 "Intel 82801JD USB" rev 0x02: apic 1 int 21
> uhci2 at pci0 dev 26 function 2 "Intel 82801JD USB" rev 0x02: apic 1 int 22
> ehci0 at pci0 dev 26 function 7 "Intel 82801JD USB" rev 0x02: apic 1 int 22
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> azalia0 at pci0 dev 27 function 0 "Intel 82801JD HD Audio" rev 0x02: msi
> azalia0: codecs: Analog Devices AD1884A
> audio0 at azalia0
> ppb1 at pci0 dev 28 function 0 "Intel 82801JD PCIE" rev 0x02: msi
> pci2 at ppb1 bus 32
> ppb2 at pci0 dev 28 function 4 "Intel 82801JD PCIE" rev 0x02: msi
> pci3 at ppb2 bus 48
> uhci3 at pci0 dev 29 function 0 "Intel 82801JD USB" rev 0x02: apic 1 int 20
> uhci4 at pci0 dev 29 function 1 "Intel 82801JD USB" rev 0x02: apic 1 int 21
> uhci5 at pci0 dev 29 function 2 "Intel 82801JD USB" rev 0x02: apic 1 int 22
> ehci1 at pci0 dev 29 function 7 "Intel 82801JD USB" rev 0x02: apic 1 int 20
> usb1 at ehci1: USB revision 2.0
> uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb3 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xa2
> pci4 at ppb3 bus 7
> pcib0 at pci0 dev 31 function 0 "Intel 82801JDO LPC" rev 0x02
> ahci0 at pci0 dev 31 function 2 "Intel 82801JD AHCI" rev 0x02: msi, AHCI 1.2
> ahci0: port 0: 3.0Gb/s
> ahci0: port 1: 1.5Gb/s
> ahci0: port 2: 3.0Gb/s
> ahci0: PHY offline on port 3
> scsibus1 at ahci0: 32 targets
> sd0 at scsibus1 targ 0 lun 0: <ATA, ST3500418AS, HP11> SCSI3 0/direct fixed
> naa.XXX
> sd0: 476940MB, 512 bytes/sector, 976773168 sectors
> cd0 at scsibus1 targ 1 lun 0: <hp, CDDVDW TS-H653R, 0E00> ATAPI 5/cdrom
> removable
> sd1 at scsibus1 targ 2 lun 0: <ATA, WDC WD5000AAKS-0, 01.0> SCSI3 0/direct
> fixed naa.XXX
> sd1: 476940MB, 512 bytes/sector, 976773168 sectors
> usb2 at uhci0: USB revision 1.0
> uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb3 at uhci1: USB revision 1.0
> uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb4 at uhci2: USB revision 1.0
> uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb5 at uhci3: USB revision 1.0
> uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb6 at uhci4: USB revision 1.0
> uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> usb7 at uhci5: USB revision 1.0
> uhub7 at usb7 "Intel UHCI root hub" rev 1.00/1.00 addr 1
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> umass0 at uhub1 port 4 configuration 1 interface 0 "Generic USB2.0-CRW" rev
> 2.00/81.97 addr 2
> umass0: using SCSI over Bulk-Only
> scsibus2 at umass0: 2 targets, initiator 0
> sd2 at scsibus2 targ 1 lun 0: <Generic-, Compact Flash, 1.00> SCSI0 0/direct
> removable
> sd3 at scsibus2 targ 1 lun 1: <Generic-, SM/xD-Picture, 1.00> SCSI0 0/direct
> removable
> sd4 at scsibus2 targ 1 lun 2: <Generic-, SD/MMC, 1.00> SCSI0 0/direct
> removable
> sd5 at scsibus2 targ 1 lun 3: <Generic-, MS/MS-Pro/HG, 1.00> SCSI0 0/direct
> removable
> sd6 at scsibus2 targ 1 lun 4: <Generic-, SD/MMC/MS/MSPRO, 1.00> SCSI0
> 0/direct removable
> uhidev0 at uhub2 port 2 configuration 1 interface 0 "Logitech USB Optical
> Mouse" rev 2.00/43.01 addr 2
> uhidev0: iclass 3/1
> ums0 at uhidev0: 3 buttons, Z dir
> wsmouse0 at ums0 mux 0
> uhidev1 at uhub3 port 2 configuration 1 interface 0 "CHICONY HP Basic USB
> Keyboard" rev 1.10/3.00 addr 2
> uhidev1: iclass 3/1
> ukbd0 at uhidev1: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> root on sd0a (670a827b3bf9beaa.a) swap on sd0b dump on sd0b
> radeondrm0: 1920x1200
> wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
> wskbd1: connecting to wsdisplay0
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
>
