Received: from mail.envs.net (mail.envs.net [5.199.136.28])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id A60917814C7
	for <~alpine/users@lists.alpinelinux.org>; Mon, 18 Apr 2022 22:51:34 +0000 (UTC)
Received: from localhost (mail.envs.net [127.0.0.1])
	by mail.envs.net (Postfix) with ESMTP id 7B5B738A0273
	for <~alpine/users@lists.alpinelinux.org>; Mon, 18 Apr 2022 22:51:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=envs.net; s=modoboa;
	t=1650322293; bh=R2Fn7h82i9H/lcAXhLxEEKNlthliZG+poRQwwlhme6M=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=TXZDu2HXaOhPa7mMeRXy+s8UEMpGnM2qiU0LwH5zbBbmPAZIK844Jol9stwPT9at8
	 qgMHyCtkX2AsRh8chBvl81zzCm/YL6jb5ZaFTX+7EHsU77dRysgJ7IHsuFkRSp5GZN
	 F/OydnL9TrAcwl07d5cnhyrn5PG/WFw8I8gFh2N8QrsX0oe7fO3usXa9AKPHlSaPbs
	 K6rIIQFLhbDScWJaakVSFmhVRrilTPCpkyfuQjIu3Kwnm+3mwNpBVEjwfNL0quwaSO
	 M46bHx8f1QhBEixWjRLfXTcNIsoBH2BBYImMG3YlGRK80P1IiDB/nrhiSYYvFWo3Hi
	 ezfcoqVtthnRVAjD6walj28AO1ZzoPbphjwNPDl8rqhq3Xnfn4Z5up7Fw8P/rTZ08o
	 BELv5G+KXMN2SFM8xstcQ4E5O+Evd+4b/qiyLuR9DBkr4jKDY/WH5ZrGUFs1S0jftZ
	 339UzUhGb1BkIXqo9T+zD6YHGbsqXQnNjzMxGwm8NN3U6xDBNXk3xLrm22cuTryAJF
	 WiiokC5Lk1pfp4OdtCjRtDHbFbBKFatVOvwjRGdJTHj5ZddHe2NhnEB5k5gbLLtEFA
	 KMAe9Hk1A+TI9FczGrrLfIR92Bi061cwWmW7fFDH04T/eym/ShmxlYoElJfie2gUra
	 el8JDADRIvyFo/qsuPKVqZuI=
X-Virus-Scanned: Debian amavisd-new at mail.envs.net
Received: from mail.envs.net ([127.0.0.1])
	by localhost (mail.envs.net [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id KszLvhJH7704 for <~alpine/users@lists.alpinelinux.org>;
	Mon, 18 Apr 2022 22:51:32 +0000 (UTC)
Received: from core.envs.net (unknown [192.168.1.1])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	(Authenticated sender: helby@envs.net)
	by mail.envs.net (Postfix) with ESMTPSA
	for <~alpine/users@lists.alpinelinux.org>; Mon, 18 Apr 2022 22:51:32 +0000 (UTC)
Date: Tue, 19 Apr 2022 00:51:31 +0200
From: helby <helby@envs.net>
To: ~alpine/users@lists.alpinelinux.org
Subject: Re: Help me understand doas.conf
Message-ID: <Yl3rc6r6rs8dv7Mu@core.envs.net>
References: <YlzPobImpOvbm01m@ws>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <YlzPobImpOvbm01m@ws>
X-Info: Keep it simple.

Hey,

The order of your rules matters.
"The last matching rule determines the action taken."
https://man.openbsd.org/doas.conf

You have to start with a 'general' rule, then add more specific below.
You can also add user directly instead of :group to be more strict.