[OT] VISUAL vs. EDITOR vs. vi [Was: Re: Utility to safely edit doas.conf]

[Raf Czlonka]

On Wed, Feb 28, 2018 at 06:08:42PM GMT, Tom Davis wrote:
> Additionally, as Martin Schröder pointed out, all editor calls
> should use $EDITOR, but in case a user doesn't have that
> defined, use
> 
> ${EDITOR:-vi}
> 

${VISUAL:-${EDITOR:-vi}}

... and everyone's happy :^)

Raf

Re: More useful: something like doasedit (was: Utility to safely edit doas.conf)

[Felix Maschek]

Hi,

possibly there is only some missing enlightenment for me.

How would you prevent that something like 'doas vi /etc/fstab' (which 
will run as root) doesn't offer the user to enter a root shell within vi 
(by typing '.sh')?


You may direct me to appropriate man pages.

Thank you!

Kind regards
Felix

On 28.02.2018 19:32, Michael Price wrote:
Perhaps I am just dense, but what problem does sudoedit solve that is 
not

easily solved with groups and chmod?

Michael

On Wed, Feb 28, 2018 at 12:57 PM Felix Maschek  
wrote:



Hi,

to prevent privilege escalation by allowing 'sudo vi' (simple by
invoking a shell from within vi) there is a special command 
'sudoedit'.

So far I can see this is missing currently if I use doas instead of
sudo.

So adding a similar command is more helpful to secure a system than
special editors for every config file.

Kind regards
Felix

On 28.02.2018 18:22, Frans Haarman wrote:
> I've wondered about the usefulness of something like 'rcctl edit
> bgpd'and a
> bgpd_conf=/etc/bgpd.conf in rc.conf.
>
> Together with a 'rcctl clone' creating rc.d/bgpd symlink and
> rc.conf.local
> flags.
>
> Might make it easier running multiple of the same daemons?
>
> Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit
> bgpd confirm'.
>
> Just wondering out loud now :)
>
> Regards,
> Frans
>
> Op woensdag 28 februari 2018 heeft Theo de Raadt 
> het
> volgende geschreven:
>> Yeah.
>>
>> And I suppose we also need seperate programs for all the other files
>> in /etc?
>>
>> Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
>> visshd, vissh, etc
>>
>> After all, someone could create unsafe configurations, and lots of
> handholding
>> is needed everywhere, yes?
>>
>> I'm sorry, but I disagree.  The tooling already exists to let you do
>> this carefully.  It is up to people to use their brains. And your
>> script doesn't have any locking, so it is still error prone.
>>
>> I really don't see the point of these wrappers.
>>
>>> The following is a shell script to safely edit /etc/doas.conf so that
>>> you
> avoid locking yourself out with a bad config. I managed to do this
> myself,
> so thought it might be useful to a wider audience.
>>>
>>> It is inspired by the 'visudo' tool: it copies doas.conf to a
>>> temporary
> directory then opens it in vi. When you exit vi it checks the format of
> the
> config file, and if it passes then it will overwrite the original one
> then
> delete the copy. If it fails a warning is shown, and the file is
> re-opened
> for editing.
>>>
>>> It will not create /etc/doas.conf if it does not already exist (I
>>> could
> add a separate warning for this if needed).
>>>
>>> diff -u /dev/null usr.bin/doas/vidoas
>>> --- /dev/null2018-02-22 08:14:04.607259461 +
>>> +++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +
>>> @@ -0,0 +1,36 @@
>>> +#!/bin/sh
>>> +
>>> +# $OpenBSD$
>>> +#
>>> +# Copyright (c) 2018 Anthony Perkins 
>>> +#
>>> +# Permission to use, copy, modify, and distribute this software for
>>> any
>>> +# purpose with or without fee is hereby granted, provided that the
>>> above
>>> +# copyright notice and this permission notice appear in all copies.
>>> +#
>>> +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> WARRANTIES
>>> +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>>> +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
>>> LIABLE FOR
>>> +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
>>> DAMAGES
>>> +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
>>> AN
>>> +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
>>> OUT OF
>>> +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>>> +
>>> +doasconf=/etc/doas.conf
>>> +tempfile=$(mktemp -t doas. || exit 1)
>>> +if [ -w $doasconf ]; then
>>> +cp $doasconf $tempfile
>>> +vi $tempfile
>>> +while ! doas -C $tempfile; do
>>> +echo "Press Enter to retry, Ctrl-C to abort."
>>> +read
>>> +vi $tempfile
>>> +done
>>> +if doas -C $tempfile; then
>>> +cp -f $tempfile $doasconf
>>> +rm -f $tempfile
>>> +fi
>>> +else
>>> +echo "$doasconf is not writable by this user."
>>> +exit 1
>>> +fi
>>> diff -u /dev/null usr.bin/doas/vidoas.1
>>> --- /dev/null2018-02-22 08:14:04.607259461 +
>>> +++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +
>>> @@ -0,0 +1,44 @@
>>> +.\" $OpenBSD$
>>> +.\"
>>> +.\"Copyright (c) 2018 Anthony Perkins 
>>> +.\"
>>> +.\"Permission to use, copy, modify, and distribute this software for
>>> any
>>> +.\"purpose with or without fee is hereby granted, provided that the
>>> above
>>> +.\"copyright notice and this permission notice appear in all copies.
>>> +.\"
>>> +.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> WARRANTIES
>>> +.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>>> +.\"MERCHANTABILITY AND 

Re: More useful: something like doasedit (was: Utility to safely edit doas.conf)

[Michael Price]

Perhaps I am just dense, but what problem does sudoedit solve that is not
easily solved with groups and chmod?

Michael

On Wed, Feb 28, 2018 at 12:57 PM Felix Maschek  wrote:

> Hi,
>
> to prevent privilege escalation by allowing 'sudo vi' (simple by
> invoking a shell from within vi) there is a special command 'sudoedit'.
> So far I can see this is missing currently if I use doas instead of
> sudo.
>
> So adding a similar command is more helpful to secure a system than
> special editors for every config file.
>
> Kind regards
> Felix
>
> On 28.02.2018 18:22, Frans Haarman wrote:
> > I've wondered about the usefulness of something like 'rcctl edit
> > bgpd'and a
> > bgpd_conf=/etc/bgpd.conf in rc.conf.
> >
> > Together with a 'rcctl clone' creating rc.d/bgpd symlink and
> > rc.conf.local
> > flags.
> >
> > Might make it easier running multiple of the same daemons?
> >
> > Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit
> > bgpd confirm'.
> >
> > Just wondering out loud now :)
> >
> > Regards,
> > Frans
> >
> > Op woensdag 28 februari 2018 heeft Theo de Raadt 
> > het
> > volgende geschreven:
> >> Yeah.
> >>
> >> And I suppose we also need seperate programs for all the other files
> >> in /etc?
> >>
> >> Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
> >> visshd, vissh, etc
> >>
> >> After all, someone could create unsafe configurations, and lots of
> > handholding
> >> is needed everywhere, yes?
> >>
> >> I'm sorry, but I disagree.  The tooling already exists to let you do
> >> this carefully.  It is up to people to use their brains. And your
> >> script doesn't have any locking, so it is still error prone.
> >>
> >> I really don't see the point of these wrappers.
> >>
> >>> The following is a shell script to safely edit /etc/doas.conf so that
> >>> you
> > avoid locking yourself out with a bad config. I managed to do this
> > myself,
> > so thought it might be useful to a wider audience.
> >>>
> >>> It is inspired by the 'visudo' tool: it copies doas.conf to a
> >>> temporary
> > directory then opens it in vi. When you exit vi it checks the format of
> > the
> > config file, and if it passes then it will overwrite the original one
> > then
> > delete the copy. If it fails a warning is shown, and the file is
> > re-opened
> > for editing.
> >>>
> >>> It will not create /etc/doas.conf if it does not already exist (I
> >>> could
> > add a separate warning for this if needed).
> >>>
> >>> diff -u /dev/null usr.bin/doas/vidoas
> >>> --- /dev/null2018-02-22 08:14:04.607259461 +
> >>> +++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +
> >>> @@ -0,0 +1,36 @@
> >>> +#!/bin/sh
> >>> +
> >>> +# $OpenBSD$
> >>> +#
> >>> +# Copyright (c) 2018 Anthony Perkins 
> >>> +#
> >>> +# Permission to use, copy, modify, and distribute this software for
> >>> any
> >>> +# purpose with or without fee is hereby granted, provided that the
> >>> above
> >>> +# copyright notice and this permission notice appear in all copies.
> >>> +#
> >>> +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> > WARRANTIES
> >>> +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> >>> +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
> >>> LIABLE FOR
> >>> +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
> >>> DAMAGES
> >>> +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
> >>> AN
> >>> +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
> >>> OUT OF
> >>> +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
> >>> +
> >>> +doasconf=/etc/doas.conf
> >>> +tempfile=$(mktemp -t doas. || exit 1)
> >>> +if [ -w $doasconf ]; then
> >>> +cp $doasconf $tempfile
> >>> +vi $tempfile
> >>> +while ! doas -C $tempfile; do
> >>> +echo "Press Enter to retry, Ctrl-C to abort."
> >>> +read
> >>> +vi $tempfile
> >>> +done
> >>> +if doas -C $tempfile; then
> >>> +cp -f $tempfile $doasconf
> >>> +rm -f $tempfile
> >>> +fi
> >>> +else
> >>> +echo "$doasconf is not writable by this user."
> >>> +exit 1
> >>> +fi
> >>> diff -u /dev/null usr.bin/doas/vidoas.1
> >>> --- /dev/null2018-02-22 08:14:04.607259461 +
> >>> +++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +
> >>> @@ -0,0 +1,44 @@
> >>> +.\" $OpenBSD$
> >>> +.\"
> >>> +.\"Copyright (c) 2018 Anthony Perkins 
> >>> +.\"
> >>> +.\"Permission to use, copy, modify, and distribute this software for
> >>> any
> >>> +.\"purpose with or without fee is hereby granted, provided that the
> >>> above
> >>> +.\"copyright notice and this permission notice appear in all copies.
> >>> +.\"
> >>> +.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
> > WARRANTIES
> >>> +.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
> >>> +.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE
> >>> LIABLE
> > FOR
> >>> +.\"ANY SPECIAL, 

Re: Utility to safely edit doas.conf

[Tom Davis]

In the line

> +tempfile=$(mktemp -t doas. || exit 1)

the "|| exit 1" doesn't actually do anything. In order to exit
the script the or bit must occur outside the subshell created by
the parenthesis. So

  tempfile=$(mktemp -t doas.) || exit 1

This will work with simple assignments though not with 'typeset'.

Additionally, as Martin Schröder pointed out, all editor calls
should use $EDITOR, but in case a user doesn't have that
defined, use

${EDITOR:-vi}

More useful: something like doasedit (was: Utility to safely edit doas.conf)

[Felix Maschek]

Hi,

to prevent privilege escalation by allowing 'sudo vi' (simple by 
invoking a shell from within vi) there is a special command 'sudoedit'. 
So far I can see this is missing currently if I use doas instead of 
sudo.


So adding a similar command is more helpful to secure a system than 
special editors for every config file.


Kind regards
Felix

On 28.02.2018 18:22, Frans Haarman wrote:
I've wondered about the usefulness of something like 'rcctl edit 
bgpd'and a

bgpd_conf=/etc/bgpd.conf in rc.conf.

Together with a 'rcctl clone' creating rc.d/bgpd symlink and 
rc.conf.local

flags.

Might make it easier running multiple of the same daemons?

Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit
bgpd confirm'.

Just wondering out loud now :)

Regards,
Frans

Op woensdag 28 februari 2018 heeft Theo de Raadt  
het

volgende geschreven:

Yeah.

And I suppose we also need seperate programs for all the other files
in /etc?

Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
visshd, vissh, etc

After all, someone could create unsafe configurations, and lots of

handholding

is needed everywhere, yes?

I'm sorry, but I disagree.  The tooling already exists to let you do
this carefully.  It is up to people to use their brains. And your
script doesn't have any locking, so it is still error prone.

I really don't see the point of these wrappers.

The following is a shell script to safely edit /etc/doas.conf so that 
you
avoid locking yourself out with a bad config. I managed to do this 
myself,

so thought it might be useful to a wider audience.


It is inspired by the 'visudo' tool: it copies doas.conf to a 
temporary
directory then opens it in vi. When you exit vi it checks the format of 
the
config file, and if it passes then it will overwrite the original one 
then
delete the copy. If it fails a warning is shown, and the file is 
re-opened

for editing.


It will not create /etc/doas.conf if it does not already exist (I 
could

add a separate warning for this if needed).


diff -u /dev/null usr.bin/doas/vidoas
--- /dev/null2018-02-22 08:14:04.607259461 +
+++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# $OpenBSD$
+#
+# Copyright (c) 2018 Anthony Perkins 
+#
+# Permission to use, copy, modify, and distribute this software for 
any
+# purpose with or without fee is hereby granted, provided that the 
above

+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL

WARRANTIES

+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE 
LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY 
DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 
AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 
OUT OF

+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+doasconf=/etc/doas.conf
+tempfile=$(mktemp -t doas. || exit 1)
+if [ -w $doasconf ]; then
+cp $doasconf $tempfile
+vi $tempfile
+while ! doas -C $tempfile; do
+echo "Press Enter to retry, Ctrl-C to abort."
+read
+vi $tempfile
+done
+if doas -C $tempfile; then
+cp -f $tempfile $doasconf
+rm -f $tempfile
+fi
+else
+echo "$doasconf is not writable by this user."
+exit 1
+fi
diff -u /dev/null usr.bin/doas/vidoas.1
--- /dev/null2018-02-22 08:14:04.607259461 +
+++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +
@@ -0,0 +1,44 @@
+.\" $OpenBSD$
+.\"
+.\"Copyright (c) 2018 Anthony Perkins 
+.\"
+.\"Permission to use, copy, modify, and distribute this software for 
any
+.\"purpose with or without fee is hereby granted, provided that the 
above

+.\"copyright notice and this permission notice appear in all copies.
+.\"
+.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL

WARRANTIES

+.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE 
LIABLE

FOR
+.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY 
DAMAGES
+.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER 
IN AN
+.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 
OUT

OF

+.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.Dd $Mdocdate: February 28 2018 $
+.Dt VIDOAS 1
+.Os
+.Sh NAME
+.Nm vidoas
+.Nd safely edit the doas config file
+.Sh SYNOPSIS
+.Nm vidoas
+.Sh DESCRIPTION
+The
+.Nm
+utility edits a copy of
+.Pa /etc/doas.conf .
+If the copy is valid the original file will be replaced.
+.Pp
+This helps to prevent you from accidentally
+locking yourself out from
+.Xr doas 1
+with a typo.
+It is inspired by the
+.Xr visudo 1
+utility.
+.Pp
+This utility takes no arguments.
+.Sh SEE ALSO
+.Xr doas 1 ,
+.Xr doas.conf 5
+.Sh AUTHORS
+.An Anthony Perkins 

Re: Utility to safely edit doas.conf

[Frans Haarman]

I've wondered about the usefulness of something like 'rcctl edit bgpd'and a
bgpd_conf=/etc/bgpd.conf in rc.conf.

Together with a 'rcctl clone' creating rc.d/bgpd symlink and rc.conf.local
flags.

Might make it easier running multiple of the same daemons?

Add more cool stuff later like 'rcctl edit bgpd commit' and 'rcctl edit
bgpd confirm'.

Just wondering out loud now :)

Regards,
Frans

Op woensdag 28 februari 2018 heeft Theo de Raadt  het
volgende geschreven:
> Yeah.
>
> And I suppose we also need seperate programs for all the other files
> in /etc?
>
> Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
> visshd, vissh, etc
>
> After all, someone could create unsafe configurations, and lots of
handholding
> is needed everywhere, yes?
>
> I'm sorry, but I disagree.  The tooling already exists to let you do
> this carefully.  It is up to people to use their brains. And your
> script doesn't have any locking, so it is still error prone.
>
> I really don't see the point of these wrappers.
>
>>The following is a shell script to safely edit /etc/doas.conf so that you
avoid locking yourself out with a bad config. I managed to do this myself,
so thought it might be useful to a wider audience.
>>
>>It is inspired by the 'visudo' tool: it copies doas.conf to a temporary
directory then opens it in vi. When you exit vi it checks the format of the
config file, and if it passes then it will overwrite the original one then
delete the copy. If it fails a warning is shown, and the file is re-opened
for editing.
>>
>>It will not create /etc/doas.conf if it does not already exist (I could
add a separate warning for this if needed).
>>
>>diff -u /dev/null usr.bin/doas/vidoas
>>--- /dev/null2018-02-22 08:14:04.607259461 +
>>+++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +
>>@@ -0,0 +1,36 @@
>>+#!/bin/sh
>>+
>>+# $OpenBSD$
>>+#
>>+# Copyright (c) 2018 Anthony Perkins 
>>+#
>>+# Permission to use, copy, modify, and distribute this software for any
>>+# purpose with or without fee is hereby granted, provided that the above
>>+# copyright notice and this permission notice appear in all copies.
>>+#
>>+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES
>>+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>>+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>>+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>>+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>>+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>>+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>>+
>>+doasconf=/etc/doas.conf
>>+tempfile=$(mktemp -t doas. || exit 1)
>>+if [ -w $doasconf ]; then
>>+cp $doasconf $tempfile
>>+vi $tempfile
>>+while ! doas -C $tempfile; do
>>+echo "Press Enter to retry, Ctrl-C to abort."
>>+read
>>+vi $tempfile
>>+done
>>+if doas -C $tempfile; then
>>+cp -f $tempfile $doasconf
>>+rm -f $tempfile
>>+fi
>>+else
>>+echo "$doasconf is not writable by this user."
>>+exit 1
>>+fi
>>diff -u /dev/null usr.bin/doas/vidoas.1
>>--- /dev/null2018-02-22 08:14:04.607259461 +
>>+++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +
>>@@ -0,0 +1,44 @@
>>+.\" $OpenBSD$
>>+.\"
>>+.\"Copyright (c) 2018 Anthony Perkins 
>>+.\"
>>+.\"Permission to use, copy, modify, and distribute this software for any
>>+.\"purpose with or without fee is hereby granted, provided that the above
>>+.\"copyright notice and this permission notice appear in all copies.
>>+.\"
>>+.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES
>>+.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>>+.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE
FOR
>>+.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>>+.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>>+.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
OF
>>+.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>>+.Dd $Mdocdate: February 28 2018 $
>>+.Dt VIDOAS 1
>>+.Os
>>+.Sh NAME
>>+.Nm vidoas
>>+.Nd safely edit the doas config file
>>+.Sh SYNOPSIS
>>+.Nm vidoas
>>+.Sh DESCRIPTION
>>+The
>>+.Nm
>>+utility edits a copy of
>>+.Pa /etc/doas.conf .
>>+If the copy is valid the original file will be replaced.
>>+.Pp
>>+This helps to prevent you from accidentally
>>+locking yourself out from
>>+.Xr doas 1
>>+with a typo.
>>+It is inspired by the
>>+.Xr visudo 1
>>+utility.
>>+.Pp
>>+This utility takes no arguments.
>>+.Sh SEE ALSO
>>+.Xr doas 1 ,
>>+.Xr doas.conf 5
>>+.Sh AUTHORS
>>+.An Anthony Perkins 
>>
>>This is only my second ever submission, so I would appreciate any
guidance. I've also not yet edited the Makefile to include this in the
build.
>>
>>All the best,
>>
>>Anthony
>>
>>--
>>Anthony Perkins

Re: Utility to safely edit doas.conf

[Stuart Henderson]

On 2018/02/28 16:16, Anthony Perkins wrote:
> The following is a shell script to safely edit /etc/doas.conf so that you 
> avoid locking yourself out with a bad config. I managed to do this myself, so 
> thought it might be useful to a wider audience.

You can still lock yourself out with a bad doas.conf (or sudoers) edit,
even with a syntactically valid config. A safer way is to keep a spare
root shell open.

Re: Utility to safely edit doas.conf

[Martin Schröder]

2018-02-28 17:16 GMT+01:00 Anthony Perkins :
> +vi $tempfile

Use $EDITOR, don't call vi directly.

Best
   Martin

Re: Utility to safely edit doas.conf

[Theo de Raadt]

Yeah.

And I suppose we also need seperate programs for all the other files
in /etc?

Such as visysctl.conf, vivm.conf, vigroup, vishells, virc.conf.local,
visshd, vissh, etc

After all, someone could create unsafe configurations, and lots of handholding
is needed everywhere, yes?

I'm sorry, but I disagree.  The tooling already exists to let you do
this carefully.  It is up to people to use their brains. And your
script doesn't have any locking, so it is still error prone.

I really don't see the point of these wrappers.

>The following is a shell script to safely edit /etc/doas.conf so that you 
>avoid locking yourself out with a bad config. I managed to do this myself, so 
>thought it might be useful to a wider audience.
>
>It is inspired by the 'visudo' tool: it copies doas.conf to a temporary 
>directory then opens it in vi. When you exit vi it checks the format of the 
>config file, and if it passes then it will overwrite the original one then 
>delete the copy. If it fails a warning is shown, and the file is re-opened for 
>editing.
>
>It will not create /etc/doas.conf if it does not already exist (I could add a 
>separate warning for this if needed).
>
>diff -u /dev/null usr.bin/doas/vidoas
>--- /dev/null2018-02-22 08:14:04.607259461 +
>+++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +
>@@ -0,0 +1,36 @@
>+#!/bin/sh
>+
>+# $OpenBSD$
>+#
>+# Copyright (c) 2018 Anthony Perkins 
>+#
>+# Permission to use, copy, modify, and distribute this software for any
>+# purpose with or without fee is hereby granted, provided that the above
>+# copyright notice and this permission notice appear in all copies.
>+#
>+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+
>+doasconf=/etc/doas.conf
>+tempfile=$(mktemp -t doas. || exit 1)
>+if [ -w $doasconf ]; then
>+cp $doasconf $tempfile
>+vi $tempfile
>+while ! doas -C $tempfile; do
>+echo "Press Enter to retry, Ctrl-C to abort."
>+read
>+vi $tempfile
>+done
>+if doas -C $tempfile; then
>+cp -f $tempfile $doasconf
>+rm -f $tempfile
>+fi
>+else
>+echo "$doasconf is not writable by this user."
>+exit 1
>+fi
>diff -u /dev/null usr.bin/doas/vidoas.1
>--- /dev/null2018-02-22 08:14:04.607259461 +
>+++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +
>@@ -0,0 +1,44 @@
>+.\" $OpenBSD$
>+.\"
>+.\"Copyright (c) 2018 Anthony Perkins 
>+.\"
>+.\"Permission to use, copy, modify, and distribute this software for any
>+.\"purpose with or without fee is hereby granted, provided that the above
>+.\"copyright notice and this permission notice appear in all copies.
>+.\"
>+.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>+.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>+.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>+.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>+.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>+.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>+.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>+.Dd $Mdocdate: February 28 2018 $
>+.Dt VIDOAS 1
>+.Os
>+.Sh NAME
>+.Nm vidoas
>+.Nd safely edit the doas config file
>+.Sh SYNOPSIS
>+.Nm vidoas
>+.Sh DESCRIPTION
>+The
>+.Nm
>+utility edits a copy of
>+.Pa /etc/doas.conf .
>+If the copy is valid the original file will be replaced.
>+.Pp
>+This helps to prevent you from accidentally
>+locking yourself out from
>+.Xr doas 1
>+with a typo.
>+It is inspired by the
>+.Xr visudo 1
>+utility.
>+.Pp
>+This utility takes no arguments.
>+.Sh SEE ALSO
>+.Xr doas 1 ,
>+.Xr doas.conf 5
>+.Sh AUTHORS
>+.An Anthony Perkins 
>
>This is only my second ever submission, so I would appreciate any guidance. 
>I've also not yet edited the Makefile to include this in the build.
>
>All the best,
>
>Anthony
>
>--
>Anthony Perkins
>Email: anth...@acperkins.com
>OpenPGP: https://acperkins.com/openpgp
>
>

Utility to safely edit doas.conf

[Anthony Perkins]

The following is a shell script to safely edit /etc/doas.conf so that you avoid 
locking yourself out with a bad config. I managed to do this myself, so thought 
it might be useful to a wider audience.

It is inspired by the 'visudo' tool: it copies doas.conf to a temporary 
directory then opens it in vi. When you exit vi it checks the format of the 
config file, and if it passes then it will overwrite the original one then 
delete the copy. If it fails a warning is shown, and the file is re-opened for 
editing.

It will not create /etc/doas.conf if it does not already exist (I could add a 
separate warning for this if needed).

diff -u /dev/null usr.bin/doas/vidoas
--- /dev/null2018-02-22 08:14:04.607259461 +
+++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# $OpenBSD$
+#
+# Copyright (c) 2018 Anthony Perkins 
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+doasconf=/etc/doas.conf
+tempfile=$(mktemp -t doas. || exit 1)
+if [ -w $doasconf ]; then
+cp $doasconf $tempfile
+vi $tempfile
+while ! doas -C $tempfile; do
+echo "Press Enter to retry, Ctrl-C to abort."
+read
+vi $tempfile
+done
+if doas -C $tempfile; then
+cp -f $tempfile $doasconf
+rm -f $tempfile
+fi
+else
+echo "$doasconf is not writable by this user."
+exit 1
+fi
diff -u /dev/null usr.bin/doas/vidoas.1
--- /dev/null2018-02-22 08:14:04.607259461 +
+++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +
@@ -0,0 +1,44 @@
+.\" $OpenBSD$
+.\"
+.\"Copyright (c) 2018 Anthony Perkins 
+.\"
+.\"Permission to use, copy, modify, and distribute this software for any
+.\"purpose with or without fee is hereby granted, provided that the above
+.\"copyright notice and this permission notice appear in all copies.
+.\"
+.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.Dd $Mdocdate: February 28 2018 $
+.Dt VIDOAS 1
+.Os
+.Sh NAME
+.Nm vidoas
+.Nd safely edit the doas config file
+.Sh SYNOPSIS
+.Nm vidoas
+.Sh DESCRIPTION
+The
+.Nm
+utility edits a copy of
+.Pa /etc/doas.conf .
+If the copy is valid the original file will be replaced.
+.Pp
+This helps to prevent you from accidentally
+locking yourself out from
+.Xr doas 1
+with a typo.
+It is inspired by the
+.Xr visudo 1
+utility.
+.Pp
+This utility takes no arguments.
+.Sh SEE ALSO
+.Xr doas 1 ,
+.Xr doas.conf 5
+.Sh AUTHORS
+.An Anthony Perkins 

This is only my second ever submission, so I would appreciate any guidance. 
I've also not yet edited the Makefile to include this in the build.

All the best,

Anthony

--
Anthony Perkins
Email: anth...@acperkins.com
OpenPGP: https://acperkins.com/openpgp