On 10:42 Wed 31 Oct, Markus Rosjat wrote:
> Hi all,
>
> just something I noticed while trying out stuff with doas and my python
> scripts. If you make a mistake and have a syntax error in the doas.conf file
> you can easily lock yourself out from root privileges :(
>
> consider a case where your root has no pw, you are the guy in the wheel
> group and of course you have only this line
>
> permit persist keepenv :wheel
>
> so far everything is peachy ok we are going to add a new line
>
> permit nopass foo as root cmt /root/scripts/dosomething
>
> and we save it ... oops we made a mistake and like to fix it, no worries we can
> ... or can't we?
>
> doas vi /etc/doas.conf
>
> doas: syntax error at line 15
>
>
> at this point you are a bit screwed because you can't edit the doas.conf, you
> can't reboot, your only way seems to be a switch off. Ok maybe there are other ways
> but hey I'm no pro, I'm a simple user and it's a vm so switch it off. Boot in
> single user mode, make a fsck because , mount the partitions, export the
> TERM var so you get a vi. Well seems we are back in business but no we can't
> edit /etc/doas.conf. Doesn't matter, we came so far, we simply copy the example
> to /etc and be done with it. At that point 5 to 10 min of your life is
> wasted with silly stuff but you may have learned at least one thing ... read
> again what you just wrote before you save it :)
>
>
> Have a nice day list :) and happy Halloween

Well, that's why we have sudoedit. With doas you are forced to

$ doas cp -p /etc/doas.conf /etc/doas.conf.new
$ doas vi /etc/doas.conf.new
$ doas -C /etc/doas.conf.new
$ doas mv /etc/doas.conf.new /etc/doas.conf
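
The copy, edit, check, move sequence from the reply above, wrapped in a shell function so the live file is replaced only when `doas -C` accepts the candidate. This is an added example, not part of the original thread: the function name and the CHECK override variable are assumptions, and it is meant to be run as root (for example through doas while the current config still parses).

```shell
#!/bin/sh
# Added example: validate-then-install edit of a doas config file.
# Assumptions (not from the thread): the name safe_doas_edit and the
# CHECK variable, which lets the syntax checker be swapped for testing.

# safe_doas_edit TARGET
#   returns 0  candidate passed the check and replaced TARGET
#   returns 1  candidate failed the check; TARGET untouched, candidate kept
#   returns 2  copy or editor step failed; TARGET untouched
safe_doas_edit() {
    target=$1
    check=${CHECK:-"doas -C"}   # doas -C FILE with no command only checks syntax
    editor=${EDITOR:-vi}
    new="$target.new"

    # Work on a copy; -p keeps the owner and mode of the live file.
    cp -p "$target" "$new" || return 2

    # Edit the copy, never the live file.
    $editor "$new" || { rm -f "$new"; return 2; }

    # Install only if the parser accepts the candidate.
    if $check "$new"; then
        mv "$new" "$target"
    else
        echo "syntax check failed: $target left untouched, candidate kept at $new" >&2
        return 1
    fi
}
```

A rejected candidate stays at the `.new` path for inspection and is overwritten with a fresh copy of the live file on the next run.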