On Tue, Feb 14, 2017 at 02:56:01PM -0500, Ted Unangst wrote:
| Paul de Weerd wrote:
| > Well, in my case I can simply not use doas -n and ensure my script
| > works without prompting for passwords more than once (which is what I
| > care about). However, I have to say that doas works great in
| > scripting setups: it asks for a password once and then all subsequent
| > invocations of doas do not. Once the script ends, the process group
| > is gone and with it, the persist ticket. So, yeah, persist works
| > great for scripting.
|
| I must admit this usage is kind of strange, but that doesn't mean bad.
| Unexpected though. :)
|
| However, do you need to use -n in this case? You've set things up so that the
| first invocation asks for a password and then it relies on persist throughout.
| So leave off of the -n?

Yep, that's what I started that paragraph with. Works fine, I just
need to keep it in mind when distributing my script to other hosts
that may have differing doas.conf. Something I'd run into soon
enough, so leaving the -n check out is probably even better :)

| Maybe I will think about this some more. The current design, where -n
| overrides persist, was deliberate. So it's not a "bug", but perhaps a wrong
| decision. I just don't want anyone to rush to fix it.

Re-reading the manpage knowing what I know now, I see what the 'would'
in "fail if doas would prompt for password" is supposed to mean.
Still, I believe it's a bit unclear (at least for non-native
speakers). However, I can't think of better phrasing (that's still
concise).

Thanks Ted!

Paul
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/