First, thank you Mr. Unangst for a beautifully simple piece of code. The
configuration file is a delight as well. I was happy to remove sudo from
my servers.
What I don't understand is the `-s` argument used to execute a shell.
What would a corresponding doas.conf(5) look like?
Can't shell execution be accomplished using doas.conf only, without the
need for the doas "-s" argument?
For example, the following two configurations seem to accomplish the
same with the exception of the environment variables explicitly set by
su(1):
$ cat /etc/doas.conf
permit USR as root cmd su
$ doas su
#
$ cat /etc/doas.conf
permit USR as root cmd /bin/ksh
$ doas -s
#
Other than compatibility with `sudo -s`, what are the benefits of `doas -s`?
Thank you,
Clint