From owner-freebsd-questions@freebsd.org Tue Jul 18 16:16:10 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 49768D9690D for ; Tue, 18 Jul 2017 16:16:10 +0000 (UTC) (envelope-from alphachi@mediaspirit.org) Received: from mail-oi0-x231.google.com (mail-oi0-x231.google.com [IPv6:2607:f8b0:4003:c06::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 00E7E7364B for ; Tue, 18 Jul 2017 16:16:09 +0000 (UTC) (envelope-from alphachi@mediaspirit.org) Received: by mail-oi0-x231.google.com with SMTP id x187so21156582oig.3 for ; Tue, 18 Jul 2017 09:16:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mediaspirit-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=1c8u7PgDWZlgnsUAkoRX8yUPPWGhcaSJD6ww4llbAJ4=; b=TOGUwCJM7Cd9RtmJKN4gxXJidKdu85I6fzFRYN341ctuz463Nl+zo+XJ5Bl+Tq0Wln 6sYarqbuU3GOkX0xbO6SdjSijuIIXLyKhfbXg1kEp1r2pIGijKsihCl4lQIgiWr9ZQ8Q JuR8pRw2VrcrqtMRJKR/RaSzy5SA+ydtjSYGL1hZUfmFV8W/bbMvAWKb0eZbI9/vJW14 E/KiP8N73hcPmCOAbcOPPUlP3/0vPcknIGz5Ef6L/t8ABHc5UvFJDmJuYkB59XbUtXqU QrtpKE9nr+1i388hUAs5bLmrQ7IvkLjv4T+lVNFejb15GBNLMw+HuXcz4FCqplHWwRpU oYcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=1c8u7PgDWZlgnsUAkoRX8yUPPWGhcaSJD6ww4llbAJ4=; b=nojWfznEQ9ZIVYX55EnmwnfNKrVEES2GonLKEB4cvY3H8T1siG33XKVWg+L1WpnSeg gOiLR+toJSxqE9kQZk194POg2Al9gJSdIP7oUrKvSvkcmFNoB6KJ6K+nm4XCQrDcmvHK UKx/9P+XLY1HtTQocjEliMlr0QtLiTbYcwU+0jxzOA8OBH8IwXqtcdv35lZ4b7ELunij kI0jslKABQg6xN29VfNnXA8DY3a73DQP9uKD6kOcph9Vz4qNl8HYns00BhTucW0xLW9C Tusyanm60ucD2wTlUsVBNbaBttf1LcCQdjqfhQ0VWOObGd9j2eeC0Fm0YvtYYnXuidsN aF3Q== X-Gm-Message-State: AIVw112RBa2DGV6ba/NuzOioNjGyoA4aHethztgw7f3K7gtK32HMqM72 +y1fLe39FUce/VW7Fxz9swbdCl8x0j1t2xE= X-Received: by 10.202.81.147 with SMTP id f141mr1452949oib.186.1500394568634; Tue, 18 Jul 2017 09:16:08 -0700 (PDT) MIME-Version: 1.0 Received: by 10.74.142.147 with HTTP; Tue, 18 Jul 2017 09:16:08 -0700 (PDT) In-Reply-To: References: <20170627081354.bf6ae28e.freebsd@edvax.de> From: alphachi Date: Wed, 19 Jul 2017 00:16:08 +0800 Message-ID: Subject: Re: security/doas can't work with zsh alias To: Polytropon Cc: "list: freebsd" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2017 16:16:10 -0000 This works: % echo "alias doas=3D'doas '" >> ~/.zshrc Thanks for the thread: https://forums.freebsd.org/threads/61539/ 2017-06-27 16:48 GMT+08:00 alphachi : > So I think the simplest approach is: run "doas -s" and stay this shell fo= r > dealing alias requirements. > > Any other ideas? > > 2017=E5=B9=B46=E6=9C=8827=E6=97=A5 14:13=EF=BC=8C"Polytropon" =E5=86=99=E9=81=93=EF=BC=9A > >> On Mon, 26 Jun 2017 20:25:02 +0800, alphachi wrote: >> > I'm preparing to migrate to doas and the following commands are my tes= t: >> > >> > % cat /usr/local/etc/doas.conf >> > permit nopass keepenv fbsd as root >> > permit nopass keepenv root as root >> > % id -nu >> > fbsd >> > % doas id -nu >> > root >> > % echo $SHELL >> > /usr/local/bin/zsh >> > % doas echo $SHELL >> > /usr/local/bin/zsh >> > % alias >> > vi=3Dvim >> > % doas alias >> > % >> > >> > As this shows, doas doesn't know this alias, so "doas vi" can't invoke >> > installed vim. >> > >> > Is this reasonable or just my mistake? How to enable zsh alias for doa= s? >> >> A possible explanation is that the subshell that executes the >> "alias" (internal) command provided through doas does not inherit >> the environment that stored the alias for the user shell; in >> such a case, root's environment (without the alias) will be >> used while the doas shell is running, that's why the "vi=3Dvim" >> setting is not in that environment. >> >> However, that exactly seems to conflict with the "keepenv" >> option provided by doas.conf, except of course aliases are >> being handled independently from environmental variables >> (which the "env" in "keepenv" could refer to). >> >> >> >> -- >> Polytropon >> Magdeburg, Germany >> Happy FreeBSD user since 4.0 >> Andra moi ennepe, Mousa, ... >> > --=20 Paranoid in Sabbath ...