Dear tech,
I guessed it better to add the message "permit persist" to checkconfig().
For example,
$ cat doas.conf.test
permit nopass puffy as root cmd pkg_add
permit persist puffy as root cmd adduser
permit puffy as root cmd mg
$ doas -C doas.conf.test pkg_add
permit nopass
$ doas -C doas.conf.test adduser
permit persist
$ doas -C doas.conf.test mg
permit
$
Would this be OK?
Sincerely, tech
Edakawa
Index: doas.c
===================================================================
RCS file: /cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.68
diff -u -p -u -r1.68 doas.c
--- doas.c 5 Oct 2016 23:28:28 -0000 1.68
+++ doas.c 21 Nov 2016 15:15:07 -0000
@@ -185,7 +185,9 @@ checkconfig(const char *confpath, int ar
if (permit(uid, groups, ngroups, &rule, target, argv[0],
(const char **)argv + 1)) {
- printf("permit%s\n", (rule->options & NOPASS) ? " nopass" : "");
+ printf("permit%s\n", (rule->options & NOPASS) ? " nopass"
+ : (rule->options & PERSIST) ? " persist"
+ : "");
exit(0);
} else {
printf("deny\n");
Index: doas.1
===================================================================
RCS file: /cvs/src/usr.bin/doas/doas.1,v
retrieving revision 1.19
diff -u -p -u -r1.19 doas.1
--- doas.1 4 Sep 2016 15:20:37 -0000 1.19
+++ doas.1 21 Nov 2016 15:14:54 -0000
@@ -62,7 +62,8 @@ will also perform command matching.
In the latter case
either
.Sq permit ,
-.Sq permit nopass
+.Sq permit nopass ,
+.Sq permit persist
or
.Sq deny
will be printed on standard output, depending on command
