On 2017/02/14 16:56, Paul de Weerd wrote:
> On Tue, Feb 14, 2017 at 04:29:56PM +0100, Sebastian Benoit wrote:
> | > Is this a bug in doas or in the manpage?
> |
> | The -n option helps to use doas non-interactively.
> | Its debateable wether 'persist' is useful with non-interactive usage, but
> | this fixes it:
>
> Thanks Benno, I'll test it later tonight.
>
> On the 'debateable' bit... My use case is a script that starts with
>
> > doas true || exit
> > doas -n true || { echo "please use persist" >&2; exit; }
> > ...
> > (rest of script with a couple of doas invocations)
>
> Since the doas from the shell session doesn't persist into the script,
> I try to get 'doas' authentication and then want to test whether it's
> now OK to run doas commands without prompting the user for their
> password. Now my script only elevates privileges with doas when
> necessary (but without prompting for passwords), which I think is
> better than simply `doas ${SCRIPT}` (which would run the entire script
> as root).
>
> If there's a better approach here, I'm keen on hearing about it.
Is it something where you could start the script as root and drop to a
different user?
