Re: Firefox ESR EOL
On Dec 18, 2021, at 12:44, Nicholas Geovanis wrote: > > >>> On Fri, Dec 10, 2021, 3:56 AM Andrei POPESCU >>> wrote: >>> On Jo, 09 dec 21, 23:24:11, Marco Möller wrote: >>> > >>> > It's a pity that Debian cannot be flexible to offer more secure and >>> > already >>> > available binary versions of software for the assumed many users only >>> > caring >>> > for installing a binary from the official Debian repository on some very >>> >> ARM64 is likely to see *more* (not less) use in desktops and laptops, >> and RISC V might also be an option in the future. > > > Maybe I missed something. Why RISC V? RISC V is open-source hardware, free of encumbrances from commercial licenses and fees. dn > >> The additional competition is healthy also for x86 (even if less so for >> Intel's and AMD's bottom line). >> >> Kind regards, >> Andrei >> -- >> http://wiki.debian.org/FAQsFromDebianUser
Re: doas 101 question
On 12/17/21 8:16 PM, Greg Wooledge wrote:
On Fri, Dec 17, 2021 at 12:20:43PM -0800, David Newman wrote:
How to configure /etc/doas.conf so a non-root user gets root's PATH?
This works for me:
unicorn:~$ PATH=/usr/local/bin:/usr/bin:/bin
unicorn:~$ cat /etc/doas.conf
permit setenv {
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } greg
unicorn:~$ doas env | grep PATH
doas (greg@unicorn) password:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Thanks for this. I get similar results where doas shows root's PATH --
but I cannot execute a file called '/usr/local/sbin/s', which is owned
by root:root and has 0750 permissions, unless I specify the full path:
dnewman@coppi:~$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
dnewman@coppi:~$ cat /etc/doas.conf
permit nopass setenv {
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } dnewman
dnewman@coppi:~$ doas env | grep PATH
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
dnewman@coppi:~$ doas s mailman3
doas: s: command not found
dnewman@coppi:~$ doas /usr/local/sbin/s mailman3
● mailman3.service - GNU Mailing List Manager
..
permit nopass setenv {
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin } dnewman
as root
permit nopass keepenv root as root
permit nopass setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } dnewman as root
permit nopass keepenv root as root
You've got two contradictory lines for "dnewman as root", with the latter
having a setenv clause without PATH in it.
Clarification: The examples in my previous email were two different
two-line configurations. It wasn't a four-line doas.conf file.
The second two-line example was taken from an OpenBSD box where invoking
doas allows execution without the full path. However, in that case I
think it's because regular users already have /usr/local/sbin in their
PATH, and so possibly unrelated to doas.
I would imagine the latter
wins out (because it occurs last), and therefore your PATH variable doesn't
get set.
I don't know how repeated "dnewman as root" lines would be handled if only
one of them had a setenv clause. You could experiment and find out. It
would be easier just to get rid of the second line.
Good idea. Per the example above it's just one line now, similar to yours.
dn
doas 101 question
bullseye 11.1, 5.10.0-9-amd64, doas 6.8.1-2
How to configure /etc/doas.conf so a non-root user gets root's PATH?
Neither of these options work when attempting to execute a command in
/usr/sbin via doas (e.g., 'doas '):
permit nopass setenv {
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin }
dnewman as root
permit nopass keepenv root as root
permit nopass setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } dnewman as root
permit nopass keepenv root as root
The latter is from doas on OpenBSD, but I think that works because
non-root user accounts already have various sbins in their PATH.
I'm aware that linux-utils changed behavior a few years ago, and that
non-root users have a more restricted PATH. However, I'm unclear on what
steps to take so that non-root users can temporarily use root's PATH.
Thanks.
dn
