On Sat, Sep 19, 2015 at 02:19:19PM +0100, Toby Slight wrote:
> I'm trying to let my user shutdown, reboot and suspend the computer without
> entering a password. This is my doas.conf:
>
> permit keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
> permit nopass toby as root cmd /sbin/shutdown
> permit nopass toby as root cmd /sbin/reboot
> permit nopass toby as root cmd /usr/sbin/zzz
>
> I can suspend successfully, but attempting to shutdown or reboot, returns:
>
> ksh: shutdown: cannot execute - Permission denied

tedu already answered your question. Nevertheless let me add two
points:

1. It looks like your user toby belongs to the group wheel, so you can
   communicate to /var/run/apmdev and hence you don't need further
   special privileges to run apm(8) or zzz(8).

2. If you add your user to the 'operator' group, you can run
   shutdown(8) without entering a password as well, so

       $ shutdown -r now

   will reboot your box and you can halt with `-ph' instead of `-r'.

Thus, the only `doas nopass' rule that is actually needed is the
/sbin/reboot one, should you still want it in view of point 2.
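
An added example, not part of the original message: a small reviewer's helper that lists the passwordless rules in a doas.conf and reports those whose command is not on an approved list, run here against the configuration quoted above. The function names (`list_nopass_rules`, `page_conf`, `unapproved_nopass`) are hypothetical, and the parser assumes one rule per line in the syntax shown in the quoted file.

```shell
# Added example: list passwordless doas rules as identity<TAB>target<TAB>cmd.
list_nopass_rules() {
    awk '
    /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
    $1 == "permit" {
        nopass = 0; target = "ANY"; cmd = "ANY"; i = 2
        # options precede the identity: nopass, keepenv, keepenv { VAR ... }
        while (i <= NF && ($i == "nopass" || $i == "keepenv")) {
            if ($i == "nopass") nopass = 1
            i++
            if ($i == "{") {
                while (i <= NF && $i != "}") i++
                i++
            }
        }
        ident = $i; i++
        while (i <= NF) {
            if ($i == "as") { target = $(i + 1); i += 2 }
            else if ($i == "cmd") { cmd = $(i + 1); i += 2 }
            else i++
        }
        if (nopass) printf "%s\t%s\t%s\n", ident, target, cmd
    }'
}

# The doas.conf quoted in the message, embedded so the example runs offline.
page_conf() {
    cat <<'EOF'
permit keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
permit nopass toby as root cmd /sbin/shutdown
permit nopass toby as root cmd /sbin/reboot
permit nopass toby as root cmd /usr/sbin/zzz
EOF
}

# Print the command of every nopass rule not in the approved list ("$@").
unapproved_nopass() {
    list_nopass_rules | while IFS="$(printf '\t')" read -r ident target cmd; do
        ok=0
        for keep in "$@"; do
            if [ "$cmd" = "$keep" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then printf '%s\n' "$cmd"; fi
    done
}
```

With `/sbin/reboot` as the only approved command, `page_conf | unapproved_nopass /sbin/reboot` reports the shutdown and zzz rules, the two that the reply says group membership makes unnecessary.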