On Tue, Feb 14, 2017 at 09:00:37PM +0100, Otto Moerbeek wrote:
| > However, do you need to use -n in this case? You've set things up so that the
| > first invocation asks for a password and then it relies on persist throughout.
| > So leave off of the -n?
|
| Hmmmm, isn't that a big race condition? What if the script takes
| longer than the persist time?

In my case, the script has relatively short runtime and the persist
ticket lasts long enough. Otherwise you'd need to ensure to renew the
ticket more often to keep things going.

I've now moved to the following approach:

    [ "$(id -u)" -eq 0 ] || exec doas "${0}"

which works well for me (and I can probably drop a few more
doas-to-unprivileged-user calls in there). Now my shell has a doas
ticket after completion of the script, but I can revoke that easily
(doas -L) if wanted.

Cheers,
Paul
--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
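
The re-exec approach from the message above, written out as an added example that is not part of the original post: the script elevates once, keeps its arguments, and runs selected steps as the invoking user. The names DOAS, current_uid, ensure_root, as_invoker, main and RUN_MAIN are hypothetical, and the doas.conf rule for root is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. DOAS, current_uid, ensure_root,
# as_invoker, main and RUN_MAIN are hypothetical names; DOAS_USER is the
# variable doas(1) sets to the name of the user who ran it.
DOAS=${DOAS:-doas}            # overridable so the logic can be dry-run

current_uid() { id -u; }

# Re-exec the whole script as root once. One password prompt then covers the
# run, and no later step depends on a persist ticket that may have expired.
ensure_root() {
    [ "$(current_uid)" -eq 0 ] && return 0
    exec "$DOAS" "$0" "$@"    # keep the original arguments
}

# Run a single command as the user who invoked doas instead of as root.
# Assumption: doas.conf allows root to do this, e.g. "permit nopass root".
as_invoker() {
    if [ "$(current_uid)" -eq 0 ] && [ -n "${DOAS_USER:-}" ]; then
        "$DOAS" -u "$DOAS_USER" "$@"
    else
        "$@"
    fi
}

main() {
    ensure_root "$@"
    as_invoker id -un         # step that needs no privilege
    id -un                    # step that needs root
}

# Set RUN_MAIN=1 to execute; off by default so the functions can be sourced.
if [ "${RUN_MAIN:-0}" = 1 ]; then main "$@"; fi
```

With DOAS=echo the script prints the doas command lines it would run instead of executing them.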