"Ted Unangst" <[email protected]> writes: > Manuel Giraud wrote: >> Hi, >> >> I've just shot myself in the foot after /etc/doas.conf tweaking. This >> patch adds a failsafe "permit :wheel" rule in case of syntax error. Is >> this safe enough? Should it be done elsewhere (with some kind of >> visudo)? > > I think the failsafe is "run su". Since it is possible to configure doas to > even less than "permit :wheel" this would in some cases be a fail > open.
You're right. I forgot about su and should have asked first. Another question before I give this a shot: doas requires an absolute path for command, is it feature or a behaviour that can be modified (i.e. I prefer to type "doas mount" instead of "doas /sbin/mount")? -- Manuel Giraud
