I was following the doas.conf example in
<https://man.openbsd.org/OpenBSD-6.0/man5/doas.conf.5>
Specially I added the below:
permit nopass setenv { \
FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \
DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \
MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \
PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \
SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc
Above these I have my regular conf of:
permit :wheel
permit persist keepenv root
permit persist keepenv jjf as root
permit nopass jjf cmd reboot
I find that with that I can run the below commands without being
prompted for a password from doas. Is that expected from the above
settings? The description implies that this is helpful for building
ports.
$ doas su root
$ doas sysupgrade
$ doas pkg_add -u
Without the example settings I am prompted for a password for the
above commands.
I am on:
kern.version=OpenBSD 7.2-current (GENERIC.MP) #1005: Sun Jan 29 21:01:12 MST
2023
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
