Re: Firefox ESR EOL
On Dec 18, 2021, at 12:44, Nicholas Geovanis wrote: > > >>> On Fri, Dec 10, 2021, 3:56 AM Andrei POPESCU >>> wrote: >>> On Jo, 09 dec 21, 23:24:11, Marco Möller wrote: >>> > >>> > It's a pity that Debian cannot be flexible to offer more secure and >>> > already >>> > available binary versions of software for the assumed many users only >>> > caring >>> > for installing a binary from the official Debian repository on some very >>> >> ARM64 is likely to see *more* (not less) use in desktops and laptops, >> and RISC V might also be an option in the future. > > > Maybe I missed something. Why RISC V? RISC V is open-source hardware, free of encumbrances from commercial licenses and fees. dn > >> The additional competition is healthy also for x86 (even if less so for >> Intel's and AMD's bottom line). >> >> Kind regards, >> Andrei >> -- >> http://wiki.debian.org/FAQsFromDebianUser
Re: doas 101 question
On 12/17/21 8:16 PM, Greg Wooledge wrote: On Fri, Dec 17, 2021 at 12:20:43PM -0800, David Newman wrote: How to configure /etc/doas.conf so a non-root user gets root's PATH? This works for me: unicorn:~$ PATH=/usr/local/bin:/usr/bin:/bin unicorn:~$ cat /etc/doas.conf permit setenv { PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } greg unicorn:~$ doas env | grep PATH doas (greg@unicorn) password: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin Thanks for this. I get similar results where doas shows root's PATH -- but I cannot execute a file called '/usr/local/sbin/s', which is owned by root:root and has 0750 permissions, unless I specify the full path: dnewman@coppi:~$ echo $PATH /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games dnewman@coppi:~$ cat /etc/doas.conf permit nopass setenv { PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } dnewman dnewman@coppi:~$ doas env | grep PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin dnewman@coppi:~$ doas s mailman3 doas: s: command not found dnewman@coppi:~$ doas /usr/local/sbin/s mailman3 ● mailman3.service - GNU Mailing List Manager .. permit nopass setenv { PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } dnewman as root permit nopass keepenv root as root permit nopass setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } dnewman as root permit nopass keepenv root as root You've got two contradictory lines for "dnewman as root", with the latter having a setenv clause without PATH in it. Clarification: The examples in my previous email were two different two-line configurations. It wasn't a four-line doas.conf file. The second two-line example was taken from an OpenBSD box where invoking doas allows execution without the full path. However, in that case I think it's because regular users already have /usr/local/sbin in their PATH, and so possibly unrelated to doas. I would imagine the latter wins out (because it occurs last), and therefore your PATH variable doesn't get set. I don't know how repeated "dnewman as root" lines would be handled if only one of them had a setenv clause. You could experiment and find out. It would be easier just to get rid of the second line. Good idea. Per the example above it's just one line now, similar to yours. dn
doas 101 question
bullseye 11.1, 5.10.0-9-amd64, doas 6.8.1-2 How to configure /etc/doas.conf so a non-root user gets root's PATH? Neither of these options work when attempting to execute a command in /usr/sbin via doas (e.g., 'doas '): permit nopass setenv { PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } dnewman as root permit nopass keepenv root as root permit nopass setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } dnewman as root permit nopass keepenv root as root The latter is from doas on OpenBSD, but I think that works because non-root user accounts already have various sbins in their PATH. I'm aware that linux-utils changed behavior a few years ago, and that non-root users have a more restricted PATH. However, I'm unclear on what steps to take so that non-root users can temporarily use root's PATH. Thanks. dn