The following is a shell script to safely edit /etc/doas.conf so that you avoid 
locking yourself out with a bad config. I managed to do this myself, so thought 
it might be useful to a wider audience.

It is inspired by the 'visudo' tool: it copies doas.conf to a temporary 
directory then opens it in vi. When you exit vi it checks the format of the 
config file, and if it passes then it will overwrite the original one then 
delete the copy. If it fails a warning is shown, and the file is re-opened for 
editing.

It will not create /etc/doas.conf if it does not already exist (I could add a 
separate warning for this if needed).

diff -u /dev/null usr.bin/doas/vidoas
--- /dev/null2018-02-22 08:14:04.607259461 +0000
+++ usr.bin/doas/vidoas2018-02-28 15:50:35.358895700 +0000
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+# $OpenBSD$
+#
+# Copyright (c) 2018 Anthony Perkins <anth...@acperkins.com>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+doasconf=/etc/doas.conf
+tempfile=$(mktemp -t doas.XXXXXXXX || exit 1)
+if [ -w $doasconf ]; then
+cp $doasconf $tempfile
+vi $tempfile
+while ! doas -C $tempfile; do
+echo "Press Enter to retry, Ctrl-C to abort."
+read
+vi $tempfile
+done
+if doas -C $tempfile; then
+cp -f $tempfile $doasconf
+rm -f $tempfile
+fi
+else
+echo "$doasconf is not writable by this user."
+exit 1
+fi
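Review bot: in `tempfile=$(mktemp -t doas.XXXXXXXX || exit 1)` the `exit 1` runs inside the command substitution's subshell, so a failed mktemp does not stop the script, and the following `cp` and `vi` run with an empty `$tempfile`. Put the check outside the substitution, as in `tempfile=$(mktemp -t doas.XXXXXXXX) || exit 1`. The temp file is also created before the `-w` test and is never removed in the `else` branch or when the user takes the advertised Ctrl-C exit, which leaves a copy of the config behind in the temp directory. Create it only after the writability check and remove it from a `trap`. At the install step, `rm -f $tempfile` runs even if `cp -f $tempfile $doasconf` fails, which throws away the edits, and `cp` rewrites the live file in place. Chain the two with `&&`, or better, write the new file next to `$doasconf` and `mv` it into position. Smaller points: the `if doas -C $tempfile` after the loop repeats a check the `while` condition has already passed, the variable expansions should be quoted, and the "not writable" message belongs on stderr.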
diff -u /dev/null usr.bin/doas/vidoas.1
--- /dev/null2018-02-22 08:14:04.607259461 +0000
+++ usr.bin/doas/vidoas.12018-02-28 15:31:20.825930370 +0000
@@ -0,0 +1,44 @@
+.\" $OpenBSD$
+.\"
+.\"Copyright (c) 2018 Anthony Perkins <anth...@acperkins.com>
+.\"
+.\"Permission to use, copy, modify, and distribute this software for any
+.\"purpose with or without fee is hereby granted, provided that the above
+.\"copyright notice and this permission notice appear in all copies.
+.\"
+.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.Dd $Mdocdate: February 28 2018 $
+.Dt VIDOAS 1
+.Os
+.Sh NAME
+.Nm vidoas
+.Nd safely edit the doas config file
+.Sh SYNOPSIS
+.Nm vidoas
+.Sh DESCRIPTION
+The
+.Nm
+utility edits a copy of
+.Pa /etc/doas.conf .
+If the copy is valid the original file will be replaced.
+.Pp
+This helps to prevent you from accidentally
+locking yourself out from
+.Xr doas 1
+with a typo.
+It is inspired by the
+.Xr visudo 1
+utility.
+.Pp
+This utility takes no arguments.
+.Sh SEE ALSO
+.Xr doas 1 ,
+.Xr doas.conf 5
+.Sh AUTHORS
+.An Anthony Perkins <anth...@acperkins.com>
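Review bot: the DESCRIPTION leaves out behaviour the script has. It does not say that the editor is always `vi`, that a copy failing the `doas -C` check is re-opened after a prompt until it passes or the user aborts, or that the utility exits with status 1 when `/etc/doas.conf` is not writable by the invoking user. A FILES section naming `/etc/doas.conf` and an EXIT STATUS section would cover the last two points. On style, the licence comment lines lack the space after `.\"` that the first `.\" $OpenBSD$` line has.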

This is only my second ever submission, so I would appreciate any guidance. 
I've also not yet edited the Makefile to include this in the build.

All the best,

Anthony

--
Anthony Perkins
Email: anth...@acperkins.com
OpenPGP: https://acperkins.com/openpgp
