On Wed, Jun 12, 2019 at 09:08:29AM -0500, myportslist20190...@nym.hush.com wrote: > 2. man bsd.port.mk: in the PORTS_PRIVSEP section, where one adds > these commands to doas.conf: /usr/bin/touch, /usr/sbin/pkg_add, and > /usr/sbin/pkg_delete, I think an additional line is needed: > > permit nopass setenv { TERM } solene cmd /usr/bin/env Nope, you don't want that line.
If you allow /usr/bin/env without passwd, you may as well allow any command. The tree was fixed post-6.5 so that normal usage would no longer need env.