Replies: 5 comments
-
Could be a follow-up issue for #2655 after 1.7.2 ... marking for 1.8 |
Beta Was this translation helpful? Give feedback.
-
Simple instructions by the creator of doas here It is better to refer to debian docs about doas because it is not equal as the OpenBSD doas, becase of this:
I am using doas on home computer and on my Onion project, the
The
it is versatile to permit calling just certain commands or certain arguments:
We can check if user is permitted to do an action or not checking the config file with
This The basic usage and options are almost the same as in sudo
|
Beta Was this translation helpful? Give feedback.
-
doas did not work as I expected, it sees I have permission
So it does not detect usermod...
Doas is working but not compatible with usermod maybe?
What I found is that doas is not running with any system binaries from inside $ whereis usermod
usermod: /usr/sbin/usermod /usr/share/man/man8/usermod.8.gz
$ ls -l /usr/sbin/usermod
-rwxr-xr-x 1 root root 138584 Feb 7 2020 /usr/sbin/usermod
$ cp -v /usr/sbin/usermod /tmp/
'/usr/sbin/usermod' -> '/tmp/usermod'
$ ls -l /tmp/usermod
-rwxr-xr-x 1 nyxnor nyxnor 138584 Dec 3 10:27 /tmp/usermod
$ /tmp/usermod
Usage: usermod [options] LOGIN
Options:
-b, --badnames allow bad names
-c, --comment COMMENT new value of the GECOS field
[ ... output ommited for clarity ] |
Beta Was this translation helpful? Give feedback.
-
How nix-bitcoin uses doas: if security config for doas is enabled, use it, else fallback to sudo |
Beta Was this translation helpful? Give feedback.
-
Actually, usermod just works when I specify its entire path: $ doas /usr/sbin/usermod
doas (nyxnor@deb) password:
Usage: usermod [options] LOGIN
Options:
-b, --badnames allow bad names
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE This means that it has something to do with the path.
|
Beta Was this translation helpful? Give feedback.
-
Listening to https://anchor.fm/citadeldispatch/episodes/Citadel-Dispatch-e42---security-focused-bitcoin-nodes-with-nixbitcoinorg--n1ckler--and-seardsalmon-e19mcg1
with the nixbitcoin.org team.
Using the minimalistic
doas
command instead ofsudo
gets a detailed mention.Does is not readily available on my system (but should be on Debian Bullseye - https://wiki.debian.org/Doas) so will just start this here as a placeholder for further research.
Beta Was this translation helpful? Give feedback.
All reactions