Date: Tue, 27 Jun 2017 08:13:54 +0200
From: Polytropon
To: alphachi
Cc: "list: freebsd"
Subject: Re: security/doas can't work with zsh alias

On Mon, 26 Jun 2017 20:25:02 +0800, alphachi wrote:
> I'm preparing to migrate to doas and the following commands are my test:
>
> % cat /usr/local/etc/doas.conf
> permit nopass keepenv fbsd as root
> permit nopass keepenv root as root
> % id -nu
> fbsd
> % doas id -nu
> root
> % echo $SHELL
> /usr/local/bin/zsh
> % doas echo $SHELL
> /usr/local/bin/zsh
> % alias
> vi=vim
> % doas alias
> %
>
> As this shows, doas doesn't know this alias, so "doas vi" can't invoke
> installed vim.
>
> Is this reasonable or just my mistake? How to enable zsh alias for doas?

A possible explanation is that the subshell that executes the "alias"
(internal) command provided through doas does not inherit the
environment that stored the alias for the user shell; in such a case,
root's environment (without the alias) will be used while the doas
shell is running, that's why the "vi=vim" setting is not in that
environment.

However, that exactly seems to conflict with the "keepenv" option
provided by doas.conf, except of course aliases are being handled
independently from environmental variables (which the "env" in
"keepenv" could refer to).

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
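
Added example (not part of the original message or of doas itself): a POSIX sh script that checks the distinction discussed above, namely whether an alias travels with the environment into a newly started process. It runs without doas; run_child is a hypothetical stand-in that starts a new process with the environment passed through unchanged, and DEMO_EDITOR is a constructed variable name.

```shell
#!/bin/sh
# Added illustration: compares what a new process inherits from the
# calling shell. Nothing here calls doas; run_child is a hypothetical
# stand-in for "start a new process and keep the environment".
run_child() {
    env "$@"
}

alias vi=vim          # stored inside this shell process only
DEMO_EDITOR=vim       # constructed variable name for the demo
export DEMO_EDITOR    # exported, so it is part of the environment

# Is the alias text present anywhere in the exported environment?
alias_in_environment() {
    if env | grep -q '^vi=vim$'; then
        echo yes
    else
        echo no
    fi
}

# Value of the exported variable as seen by a newly started shell.
child_variable() {
    run_child sh -c 'printf "%s" "$DEMO_EDITOR"'
}

# Alias list as seen by a newly started shell.
child_aliases() {
    run_child sh -c 'alias'
}

# Alias definition as seen by the shell that created it.
parent_alias() {
    alias vi
}

printf 'alias present in environment: %s\n' "$(alias_in_environment)"
printf 'variable seen by child:       %s\n' "$(child_variable)"
printf 'alias list seen by child:     [%s]\n' "$(child_aliases)"
printf 'alias seen by parent shell:   %s\n' "$(parent_alias)"
```
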