From 420983479ddfa7f2eb13d13185fa3590c2fcfd81 Mon Sep 17 00:00:00 2001 From: sthen Date: Thu, 4 Feb 2021 22:12:03 +0000 Subject: [PATCH] remove the suggestion to permit pkg_add with doas "nopass" when doing ports dev work. if you are able to run pkg_add as root without a password, your account is root-equivalent. typing the password multiple times is a pain but if somebody is going to choose to weaken their local security in this way, it should be their own decision and not something they have read in a manpage. ok tb@ thfr@ --- share/man/man5/bsd.port.mk.5 | 34 +++++++++++++--------------------- 1 file changed, 13 insertions(+), 21 deletions(-) diff --git a/share/man/man5/bsd.port.mk.5 b/share/man/man5/bsd.port.mk.5 index 93ee5bd9fbb..41c13cd4674 100644 --- a/share/man/man5/bsd.port.mk.5 +++ b/share/man/man5/bsd.port.mk.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bsd.port.mk.5,v 1.536 2021/01/10 22:30:29 kn Exp $ +.\" $OpenBSD: bsd.port.mk.5,v 1.537 2021/02/04 22:12:03 sthen Exp $ .\" .\" Copyright (c) 2000-2008 Marc Espie .\" @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 10 2021 $ +.Dd $Mdocdate: February 4 2021 $ .Dt BSD.PORT.MK 5 .Os .Sh NAME @@ -2598,31 +2598,23 @@ permit keepenv nopass solene as _pbuild permit keepenv nopass solene as _pfetch .Ed .Pp +It is reasonably safe to allow your user id to run commands as the +.Ev BUILD_USER +or +.Ev FETCH_USER +and using +.Ic nopass +for these can save a lot of password entry, however it is inadvisable +to allow commands like +.Xr pkg_add 1 +to run as root without a password. +.Pp Note that this also means that .Xr doas 1 must be configured to work within the chroot created by .Xr proot 1 . .Pp -If the regular user is not allowed to run privileged commands -without entering a password, -you may want these additional rules in -.Xr doas.conf 5 , -to reduce the amount of times the password needs to be entered -during ports work: -.Bd -literal -offset indent -permit nopass solene cmd /usr/bin/touch -permit nopass setenv { \\ - TRUSTED_PKG_PATH TERM } solene cmd /usr/sbin/pkg_add -permit nopass setenv { \\ - TERM } solene cmd /usr/sbin/pkg_delete -.Ed -.Pp -Also, in such a situation, -the regular user will still need to enter their password when -.Xr update-plist 1 -is invoked. -.Pp As .Xr dpb 1 does its own privilege dropping when run as root, -- 2.20.1