Source: opendoas
Version: 6.8.2-1
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

The example config file found in /usr/share/doc/opendoas/examples contains the
following lines:

----8<------
# Permit members of the sudo group to perform actions as root.
permit :sudo
----8<------

While in itself the comment is true, it's also misleading in that the rule
allows the members of
the sudo group to perform actions as *all users*, not just root. This as per
the doas.conf manual page:

----8<------
    as target    The target user the running user is allowed to run the command
as.  The default is all users.
----8<------

Therefore I suggest to replace the 'as root' part of the comment in question by
'as all users'.


-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug'), (500, 
'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 
'unstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-3-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, 
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Reply via email to