Wednesday, October 31, 2018

Re: syntax error and doas.conf

Stuart Henderson <stu@spacehopper.org> writes:

> If you aren't sure about a change you're about to make, keep a spare
> root shell open (or at least keep the editor open - save the file
> but don't exit - and test on another terminal).

I would add that this is not really OpenBSD-specific. Yes there's no
direct analogue to visudo(8) but it's perfectly possible to lock
yourself out of sudo access even with a correctly formatted /etc/sudoers
file, and visudo will happily let you shoot yourself in the foot that
way. With the sudoers(5) man page clocking in at about 20x the size of
the doas.conf(5) page, it's probably quite likely.

Allan

No comments:

Post a Comment