[email protected] wrote: > > I think the failsafe is "run su". > > Visudo(8) style wrapper for doas(1) that would respect the editor > preferences... is only a suggestion, no? We're 2015 here.
and vipf after that? there are countless config files, even more dangerous than doas.conf, that you edit at your own peril. > > Since it is possible to configure doas to > > even less than "permit :wheel" this would in some cases be a fail open. > > I'm not sure how much exactly "flak" I'd get about this, but: is the > "permit" word specifically chosen in the DSL for this? there's not a of meaning behind "permit", other than that it's a word that seems appropriate. > P.S. My opinion has zero value but why can't su(1) work this purpose? The semantics of su are different in a couple and people seem to like using sudo. Trying to share code with su risks muddying up that code and introducing mistakes.
