opendoas

my fork of doas with custom prompt
git clone git://git.kocotian.pl/opendoas.git
Log | Files | Refs | README | LICENSE

commit 7441dfc4da8c9474ee767464dabe73ca90ff42ae
parent 1ae55876daaf1d2d02e6261db7b6dd08c41b8fcb
Author: kn <kn>
Date:   Fri,  9 Oct 2020 00:04:05 +0000

Improve error message on missing permission

In case "cmd" (and "args") in doas.conf(5) mismatch, the log syslog(3)
message might be read as if the command was executed but failed, i.e.
returned non-zero.

Be unambiguous and help admins spot execution *attempts* as such:

-Oct  9 01:05:20 eru doas: failed command for kn: echo bar
+Oct  9 01:05:20 eru doas: command not permitted for kn: echo bar

OK tedu deraadt

Diffstat:
Mdoas.c | 2+-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doas.c b/doas.c @@ -340,7 +340,7 @@ main(int argc, char **argv) if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, - "failed command for %s: %s", mypw->pw_name, cmdline); + "command not permitted for %s: %s", mypw->pw_name, cmdline); errc(1, EPERM, NULL); }