FeStus96 n00b

Joined: 16 Sep 2021 Posts: 12
|
Posted: Mon Sep 27, 2021 4:19 am Post subject: Doas USE flags |
|
|
So I was thinking about replacing sudo with doas but noticed that it has the USE flag pam, and the system I'm using has that disabled. Would I need to enable that flag for doas to work, or does that dependency not matter for functionality?
Thank you. |
|
mrbassie l33t


Joined: 31 May 2013 Posts: 740
|
Posted: Mon Sep 27, 2021 3:25 pm Post subject: |
|
|
Try it and see. You can have sudo and doas installed at the same time. |
|
Hu Moderator

Joined: 06 Mar 2007 Posts: 20986
|
Posted: Mon Sep 27, 2021 4:21 pm Post subject: |
|
|
Normally, a USE flag is present only if both +flag and -flag are expected to work. If doas is broken without pam, then it should not have USE=pam; instead, it should have a hard dependency on the necessary pam packages. Therefore, if doas with USE=-pam does not work at all, you should report it as a bug. Note however that it is legal and common for setting USE=-flag to result in reduced functionality. Whether the reduction will matter to your use case varies. It is not a bug if the program works correctly but is missing a feature that is guarded by the USE flag. |
|
Anon-E-moose Watchman


Joined: 23 May 2008 Posts: 6031 Location: Dallas area
|
Posted: Mon Sep 27, 2021 8:14 pm Post subject: |
|
|
From the README (from git)
Quote: | This is not an official port/project from OpenBSD!
As much as possible I've attempted to stick to doas as tedu desired it. As things stand it's essentially just code lifted from OpenBSD with PAM or shadow based authentication glommed on to it. |
So it has the ability to work without pam, but not sure how "secure" it would be, as it's using pam for authentication.
Note: I didn't chase into the code so it's possible it's secure by way of shadow.
Edit to add:
Code: |
#if defined(USE_SHADOW)
    if (!(rule->options & NOPASS)) {
        if (nflag)
            errx(1, "Authentication required");
        shadowauth(mypw->pw_name, rule->options & PERSIST);
    }
#elif !defined(USE_PAM)
    /* no authentication provider, only allow NOPASS rules */
    (void) nflag;
    if (!(rule->options & NOPASS))
        errx(1, "Authentication required");
#endif |
So it checks for use shadow, and if use pam isn't set then it uses some defaults.
_________________
PRIME x570-pro, 3700x, 6.1 zen kernel
gcc 13, profile 17.0 (custom bare multilib), openrc, wayland |
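Added example, not part of the thread or of the doas source: the last branch of the excerpt means a doas built with neither USE_PAM nor USE_SHADOW honours only rules that carry nopass. This C program classifies doas.conf rule lines on that basis; classify_rule, the verdict names and the sample rules are assumptions made for illustration, and the option keywords follow doas.conf(5).

```c
#include <stdio.h>
#include <string.h>

/* Fate of a doas.conf rule on a build with no authentication provider
 * (neither USE_PAM nor USE_SHADOW), per the quoted #elif branch. */
enum verdict { V_SKIP, V_DENY, V_USABLE, V_AUTH_REQUIRED };

/* Classify one rule line. Options (nopass, persist, keepenv, nolog,
 * setenv { ... }) sit between the action and the identity.
 * Simplification: '#' always starts a comment, quoting is not handled. */
enum verdict classify_rule(const char *line)
{
    char buf[256], *tok;
    int in_setenv = 0;
    snprintf(buf, sizeof buf, "%s", line);
    buf[strcspn(buf, "#\n")] = '\0';
    tok = strtok(buf, " \t");
    if (tok == NULL) return V_SKIP;             /* blank or comment-only */
    if (strcmp(tok, "deny") == 0) return V_DENY;
    if (strcmp(tok, "permit") != 0) return V_SKIP;
    while ((tok = strtok(NULL, " \t")) != NULL) {
        if (in_setenv) {                        /* inside setenv { ... } */
            if (strchr(tok, '}')) in_setenv = 0;
        } else if (strcmp(tok, "nopass") == 0) {
            return V_USABLE;                    /* NOPASS set: rule still works */
        } else if (strcmp(tok, "setenv") == 0) {
            in_setenv = 1;
        } else if (strcmp(tok, "persist") && strcmp(tok, "keepenv") &&
                   strcmp(tok, "nolog")) {
            break;                              /* identity reached, no nopass */
        }
    }
    return V_AUTH_REQUIRED;                     /* errx(1, "Authentication required") */
}

int main(void)
{
    /* Constructed sample rules, not taken from the thread. */
    const char *rules[] = {
        "permit persist :wheel",
        "permit nopass keepenv root",
        "permit setenv { PATH=/usr/bin } nopass alice as root cmd /sbin/reboot",
        "deny bob",
    };
    static const char *names[] = { "skip", "deny", "usable", "auth-required" };
    for (size_t i = 0; i < sizeof rules / sizeof rules[0]; i++)
        printf("%-14s %s\n", names[classify_rule(rules[i])], rules[i]);
    return 0;
}
```

Rules reported as auth-required are the ones that would exit with "Authentication required" on such a build; a word nopass appearing after the identity (for example as a command name) is not treated as the option.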
|