Date: Mon, 18 Apr 2022 04:40:33 +0200
From: Wolf
To: ~alpine/users@lists.alpinelinux.org
Subject: Help me understand doas.conf

Hi,

I'm trying to configure doas to allow running one shell script without
requiring a password. I've read the manual page and (I think) understood it,
however I still cannot wrap my head around the behaviour.

When I have this in my wheel.conf, everything works fine:

    permit persist :wheel
    permit nopass :wheel cmd /usr/local/bin/dock-network

However, once I switch the lines around like this:

    permit nopass :wheel cmd /usr/local/bin/dock-network
    permit persist :wheel

It does not work anymore:

    $ doas -n /usr/local/bin/dock-network
    doas: Authentication required

And I just do not understand why the order should matter.

As for why I even bother, I want to have the nopass in a separate file in
/etc/doas.d, but I was not able to get it to work at all if it was in two
separate files. Actually, now that I think about it, all my attempts with
multiple files matched the alphabetical order from the second (not working)
case. But for these two rules order just should not matter, no?

Thank you in advance for any advice regarding this.

W.

-- 
There are only two hard things in Computer Science: cache invalidation,
naming things and off-by-one errors.
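
Added example, not part of the original post and not doas source code: doas.conf(5) states that the last matching rule determines the action taken, and a rule without "cmd" matches every command. The simplified Python model below evaluates both orderings from the post; the user name "alice", the reduced grammar and all function names are assumptions made for illustration.

```python
# Simplified model of doas.conf rule evaluation (illustrative, not doas code).
# Grammar handled: permit|deny [nopass] [persist] <user|:group> [cmd <path>]

SCRIPT = "/usr/local/bin/dock-network"

# The two orderings from the post.
WORKING = """
permit persist :wheel
permit nopass :wheel cmd /usr/local/bin/dock-network
"""
BROKEN = """
permit nopass :wheel cmd /usr/local/bin/dock-network
permit persist :wheel
"""

def parse_rule(line):
    tokens = line.split()
    rule = {"action": tokens[0], "options": set(), "ident": None, "cmd": None}
    i = 1
    while tokens[i] in ("nopass", "persist"):
        rule["options"].add(tokens[i])
        i += 1
    rule["ident"] = tokens[i]
    if tokens[i + 1:i + 2] == ["cmd"]:
        rule["cmd"] = tokens[i + 2]
    return rule

def matches(rule, user, groups, cmd):
    ident = rule["ident"]
    if ident.startswith(":"):
        if ident[1:] not in groups:
            return False
    elif ident != user:
        return False
    # A rule without "cmd" matches every command.
    return rule["cmd"] is None or rule["cmd"] == cmd

def decide(config, user, groups, cmd):
    """Return (action, needs_password) under last-match-wins."""
    last = None
    for line in config.strip().splitlines():
        rule = parse_rule(line)
        if matches(rule, user, groups, cmd):
            last = rule  # a later match overrides every earlier one
    if last is None or last["action"] == "deny":
        return ("deny", False)
    return ("permit", "nopass" not in last["options"])

if __name__ == "__main__":
    for name, cfg in (("working", WORKING), ("broken", BROKEN)):
        print(name, decide(cfg, "alice", {"wheel"}, SCRIPT))
```

In the second ordering the broad "permit persist :wheel" rule is the last match for the script, so a password is required and "doas -n" fails. On a real system, "doas -C <config> <command>" prints the decision ("permit", "permit nopass" or "deny") for a given config file without running the command.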