Date: Tue, 27 Jun 2017 08:13:54 +0200 From: Polytropon <freebsd@edvax.de> To: alphachi <alphachi@mediaspirit.org> Cc: "list: freebsd" <freebsd-questions@freebsd.org> Subject: Re: security/doas can't work with zsh alias Message-ID: <20170627081354.bf6ae28e.freebsd@edvax.de> In-Reply-To: <CAJN5%2BGtxHHMR3U_3SFWW2y2sST%2BX2JBvy8aqdryq65mnPuecVg@mail.gmail.com> References: <CAJN5%2BGu6yTYX6ePfhF7ApHtEKJq=o9DCgtyeqWdedqdEX91DQg@mail.gmail.com> <CAJN5%2BGuC06sfDTXZ%2BYjQ3yyArd-h1h9aq1DMvmXDuwfdSKezSA@mail.gmail.com> <CAJN5%2BGtQxRZkjk5-SXebKwApBsvsQsUFi7WHd8jow1KpeKXCCg@mail.gmail.com> <CAJN5%2BGtHnAt_R_pqu67H_DZLsDLkvHembCbyJ8FtxvJ=Eg3-pw@mail.gmail.com> <CAJN5%2BGtwrMp1bLGtWh1kCxj=HCHo9UehqCf08U%2BT%2BvO4ctozDg@mail.gmail.com> <CAJN5%2BGuk%2B-oaP-qucR8MMnMPeAtuCcDiMa8iDnmmk-O8G95bYA@mail.gmail.com> <CAJN5%2BGspmQpMeAq63t%2BV-Oq1NUW%2Bz4fD%2BOG_%2BQe5NYghMv3KJQ@mail.gmail.com> <CAJN5%2BGsVZoD3_paY8JVc7qmJDvvoPQzny1MdzD_GX%2BFeDuHS_A@mail.gmail.com> <CAJN5%2BGsFnBz2xzM%2BR5w81-haGODFPMQ0izAx4y5LsiaE5F17-A@mail.gmail.com> <CAJN5%2BGv=pmL5dhL8kwDUps6AAB8GSg6zKjuuyC_j%2B_UCnSzOTg@mail.gmail.com> <CAJN5%2BGuSgJn_7zg0f9ipQPYA0MRJDBGhECU%2BQ7733z5Q28TN8g@mail.gmail.com> <CAJN5%2BGtxHHMR3U_3SFWW2y2sST%2BX2JBvy8aqdryq65mnPuecVg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 26 Jun 2017 20:25:02 +0800, alphachi wrote: > I'm preparing to migrate to doas and the following commands are my test: > > % cat /usr/local/etc/doas.conf > permit nopass keepenv fbsd as root > permit nopass keepenv root as root > % id -nu > fbsd > % doas id -nu > root > % echo $SHELL > /usr/local/bin/zsh > % doas echo $SHELL > /usr/local/bin/zsh > % alias > vi=vim > % doas alias > % > > As this shows, doas doesn't know this alias, so "doas vi" can't invoke > installed vim. > > Is this reasonable or just my mistake? How to enable zsh alias for doas? A possible explanation is that the subshell that executes the "alias" (internal) command provided through doas does not inherit the environment that stored the alias for the user shell; in such a case, root's environment (without the alias) will be used while the doas shell is running, that's why the "vi=vim" setting is not in that environment. However, that exactly seems to conflict with the "keepenv" option provided by doas.conf, except of course aliases are being handled independently from environmental variables (which the "env" in "keepenv" could refer to). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170627081354.bf6ae28e.freebsd>