Hi all,
just something I notice while trying out stuff with doas and my python
scripts. If you do a mistake and have a syntax error in the doas.conf
file you can easily look you self out from root privilages :(
consider a a case where your root has no pw, you are the guy in the
wheel group and of course you have only this line
permit persist keepenv :wheel
so far everything is peachy ok we are going to add a new line
permit nopass foo as root cmt /root/scripts/dosomething
and we save it ... ups we did a mistake an like to fix it, no worries we
can ... or cant we?
doas vi /etc/doas.conf
doas: syntax error at line 15
at this point you are a bit screwed because you cant edit the doas.conf
you cant reboot you only way seems to be a switch off. Ok maybe there
other was but hey I'm no pro Im a simple user and its a vm so switch it
off. Boot in single user mode, make a fsck because , mount the
patritions, export the TERM var so yu get a vi. Well seems we are back
in business but no we cant edit /etc/doas.conf. Doesnt matter we came so
far we simply copy the exmaple to /etc and be done with it. At that
point 5 to 10 min of your life is wasted with silly stuff but you may
have learn at least one thing ... read again what you just wrote before
you save it :)
Have a nice day list :) and happy helloween
--
Markus Rosjat fon: +49 351 8107224 mail: rosjat@ghweb.de
G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden
http://www.ghweb.de
fon: +49 351 8107220 fax: +49 351 8107227
Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
No comments:
Post a Comment