Hi Jason,
I've left replies inline and a new patch at the bottom with the
following changes:
- dropped the subjective wording and markup changes
- dropped su.1 change
On 07/25/15 03:58, Jason McIntyre wrote:
>> The default is root.
>> .El
>> +.Sh FILES
>> +.Bl -tag -width
>> /etc/doas.conff
>> +.It Pa /etc/doas.conf
>> +configuration file
>> +.El
> again it's correct, but doesn;t really add anything.>
Most every utility I looked through which used a configuration file in
/etc/ had an entry for it in FILES. I figure it's more obvious than a
comparatively small mention in SEE ALSO.
>> Index: src/usr.bin/doas/doas.conf.5
>> ===================================================================
>> RCS file: /cvs/src/usr.bin/doas/doas.conf.5,v
>> retrieving revision 1.11
>> diff -u -p -r1.11 doas.conf.5
>> --- src/usr.bin/doas/doas.conf.5 23 Jul 2015 15:26:37 -0000 1.11
>> +++ src/usr.bin/doas/doas.conf.5 25 Jul 2015 03:16:26 -0000
>> @@ -57,27 +57,32 @@ The default is to reset the environment,
>> .Ev USER
>> and
>> .Ev USERNAME .
>> -.It Ic keepenv { Oo variable names Oc Ic }
>> -Reset the environment, but keep the space-separated specified variables.
>> +.It Ic keepenv { Oo Ar variable ... Oc Ic }
>> +In addition to the variables mentioned above, keep the space-separated
>> +specified variables.
>
> is that correct? is there no way to totally reset your environment
> keeping only stuff you specify?
I couldn't manage to get around that:
~ $ cat /etc/doas.conf
permit keepenv { PKG_PATH CVSROOT } :wheel
~ $ doas env
Password:
DISPLAY=:0
HOME=/home/michael
LOGNAME=michael
MAIL=/var/mail/michael
PATH=...
TERM=st-256color
USER=michael
PKG_PATH=...
CVSROOT=...
~ $
>> The default is root.
>> .It Ic cmd Ar command
>> -The command the user is allowed or denied to run.
>> +The command the user is allowed or prohibited to run.
>
> why this?
Denied sounds like it's already happened, where as I find `prohibited'
to be more clearly an opposite of `allowed'.
>> .El
>> .Pp
>> The last matching rule determines the action taken.
>> @@ -109,7 +114,9 @@ variables
>> .Ev PS1 ,
>> and
>> .Ev SSH_AUTH_SOCK ,
>> -and additionally permits tedu to run procmap as root without a password.
>> +and additionally permits tedu to run
>> +.Xr procmap 1
>> +as root without a password.
>
> well it's not as if it helps to refer the reader to the procmap page.
> again it's not wrong, it just doesn;t feel like it adds anything helpful
Eh, it's admittedly not that helpful, but I don't see any downside to
it; it makes it clear that procmap(1) is a utility, which seem to be
marked up like above consistently in the tree.
Anyways, new (smaller) diff is below.
Regards,
Michael
Index: doas.1
===================================================================
RCS file: /cvs/src/usr.bin/doas/doas.1,v
retrieving revision 1.10
diff -u -p -r1.10 doas.1
--- doas.1 21 Jul 2015 17:49:33 -0000 1.10
+++ doas.1 25 Jul 2015 11:19:15 -0000
@@ -44,10 +44,17 @@ Execute the shell from
or
.Pa /etc/passwd .
.It Fl u Ar user
-Execute the command as
+Execute
+.Ar command
+as
.Ar user .
The default is root.
.El
+.Sh FILES
+.Bl -tag -width /etc/doas.conff
+.It Pa /etc/doas.conf
+configuration file
+.El
.Sh EXIT STATUS
.Ex -std doas
It may fail for one of the following reasons:
@@ -65,6 +72,7 @@ The password was incorrect.
The actual program is absent or not executable.
.El
.Sh SEE ALSO
+.Xr su 1 ,
.Xr doas.conf 5
.Sh HISTORY
The
Index: doas.conf.5
===================================================================
RCS file: /cvs/src/usr.bin/doas/doas.conf.5,v
retrieving revision 1.11
diff -u -p -r1.11 doas.conf.5
--- doas.conf.5 23 Jul 2015 15:26:37 -0000 1.11
+++ doas.conf.5 25 Jul 2015 11:19:15 -0000
@@ -57,18 +57,20 @@ The default is to reset the environment,
.Ev USER
and
.Ev USERNAME .
-.It Ic keepenv { Oo variable names Oc Ic }
-Reset the environment, but keep the space-separated specified variables.
+.It Ic keepenv { Oo Ar variable ... Oc Ic }
+In addition to the variables mentioned above, keep the space-separated
+specified variables.
.El
.It Ar identity
The username to match.
-Groups may be specified by prepending a colon (:).
+Groups may be specified by prepending a colon
+.Pq Sq \&: .
Numeric IDs are also accepted.
.It Ic as Ar target
The target user the running user is allowed to run the command as.
The default is root.
.It Ic cmd Ar command
-The command the user is allowed or denied to run.
+The command the user is allowed or prohibited to run.
The default is all commands.
Be advised that it's best to specify absolute paths.
.It Ic args ...
@@ -109,7 +111,9 @@ variables
.Ev PS1 ,
and
.Ev SSH_AUTH_SOCK ,
-and additionally permits tedu to run procmap as root without a password.
+and additionally permits tedu to run
+.Xr procmap 1
+as root without a password.
.Bd -literal -offset indent
# Non-exhaustive list of variables needed to
# build release(8) and ports(7)
