I have this rule in doas.conf:

    permit nopass user1 as user2

As user1, I try this at the command line:

    doas -u user2 whoami

and it tells me I am user2, as I expect. And

    doas -u user2 ls

tells me I don't have permission. I kind of expect this.
I'm looking for a way to do the equivalent of

    sudo -u user2 -s "cd; ls"

I don't see a way to do this with doas, at least not without a short
intermediary script, which script is not going to be able to do cd ~/.
Should I assume that doas is not intended to do this sort of thing?
(And therefore do things "right" by setting up ssh with public-key
authentication to do the user switch?)
(Or go all out and set up chroot to run an instance of X11 and firefox? ;-/)
Joel Rees
Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.