Hello everyone! I have a script that I am using to mount drives via dmenu. In this script a friend finally helped me to get it so I can enter sudo via dmenu; the issue is I want to use this script on my main machine, which uses doas (it runs OpenBSD). I really prefer doas as it is better in my opinion. I am unsure how to be able to enter my password via dmenu for it though. Does anyone know how to do the same thing I do here, but with doas?
Code:
#!/bin/sh
# store all unmounted partitions as "device (size)"
drive=$(lsblk -lp | grep "part $" | awk '{print $1, "(" $4 ")"}')
if [ "$drive" = "" ]
then
    exit 0
fi
# ask which drive to mount
chosen=$(echo "$drive" | dmenu -i -p "Mount which drive?" | awk '{print $1}')
if [ "$chosen" = "" ]
then
    exit 0
fi
# store candidate mount directories in dirs
dirs=$(find /mnt/ /media/ -maxdepth 3 -type d 2>/dev/null)
if [ "$dirs" = "" ]
then
    exit 0
fi
mountpoint=$(echo "$dirs" | dmenu -i -p "Type in mount Point.")
# stop if nothing was chosen or the directory does not exist
if [ ! -d "$mountpoint" ]
then
    dmenu -i -p "$mountpoint does not exist" </dev/null
    exit 1
fi
# enter password via dmenu
password=$(dmenu -i -p "Enter password:" </dev/null)
# mount drive to mountpoint; sudo -S reads the password from stdin
printf '%s\n' "$password" | sudo -S mount "$chosen" "$mountpoint" && notify-send "$chosen mounted to $mountpoint."
I know storing the password in a variable is bad, this is a work in progress and I am looking into how to clear/remove these variables once the script is finished.
Marked as solved, I mean it isn't yet; but people are getting kinda heated so I'll close it...
I would try a different way, if you are using sudo. If you are careful, you can specify a pattern in your /etc/sudoers file and then precede it with NOPASSWD.
I myself prefer to enter it, but I would love to use doas instead as it seems like a more simple way of doing what sudo does in my opinion.
Funny - I just read up on "doas" as I wasn't familiar with it. The primary reason one writer gives is because it is "runas on steroids" and implies that sudo can't do runas. In point of fact sudo allows runas_alias definitions in its sudoers file so does in fact allow for runas. I've used them here for years.
There isn't anything I've tried to accomplish with sudo that I wasn't able to do. I've used sudo on HP-UX, Solaris and Linux and *BSD and never saw any need for a replacement.
From my brief read it appears you can do a lot with doas as well.
Saying doas is superior (or sudo is superior) is purely subjective.
Such opinions, much like everything else in computing, are often based on how the person giving the opinion originally learned to do things. Years ago all AIX admins claimed it was the best UNIX variant but invariably it was the first (or only) one they'd used. The rest of us who learned other variants (AT&T, SCO, HP-UX, Solaris) first all hated AIX. Me, I liked AT&T then loved SCO and later HP-UX. When I ran across Solaris I disliked it but not quite as much as when I'd first run across AIX. Of course these days I use mostly Linux but the arguments about which distro is best seem to follow the same pattern.
The doas(1) utility is certainly simpler than sudo(1). That simplicity can be an aid to security. But it can also limit certain activities. As an example, the doas.conf(5) permit|deny rule can be provisioned with command arguments, but the arguments must match exactly, there is no wildcard globbing, there are no regular expressions.
When I script with doas(), I either accept that I will need to authenticate, or I have rules that permit a specific command (and optional, complete argument string) to be used with the nopass option.
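The nopass approach from the post above, as an added example that is not code from the thread: because doas.conf(5) matches the argument list exactly, each device and mount point pair gets its own rule, and the script refuses any pair without one. The user name, device names, mount points and the `DOAS` override variable are constructed for illustration.

```shell
#!/bin/sh
# Constructed allow-list: one "device mountpoint" pair per line (hypothetical names).
ALLOWED='/dev/sd1i /mnt/usb
/dev/sd2i /mnt/backup'

# Print one doas.conf(5) rule per allowed pair for user $1.
# doas has no globbing or regex for args, so every pair needs its own rule.
doas_rules() {
    printf '%s\n' "$ALLOWED" | while read -r dev mnt; do
        printf 'permit nopass %s as root cmd /sbin/mount args %s %s\n' \
            "$1" "$dev" "$mnt"
    done
}

# Succeed only if "$1 $2" is exactly one of the allowed pairs.
# Arguments containing anything but path characters (spaces, newlines,
# shell metacharacters) are rejected before the lookup.
is_allowed() {
    case "$1$2" in
        ''|*[!A-Za-z0-9/_.-]*) return 1 ;;
    esac
    printf '%s\n' "$ALLOWED" | grep -Fqx -- "$1 $2"
}

# Mount through doas only when a matching rule exists.
# DOAS is an assumed override for dry runs, e.g. DOAS=echo.
mount_allowed() {
    is_allowed "$1" "$2" || {
        echo "no doas rule for: $1 $2" >&2
        return 1
    }
    # Call /sbin/mount by its full path so the command matches the rule's cmd.
    ${DOAS:-doas} /sbin/mount "$1" "$2"
}
```

The output of `doas_rules` is what goes into /etc/doas.conf; the dmenu script then only needs to offer the pairs in `ALLOWED` and never handles a password.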
That is unfortunate... I guess I could add a patch to doas to be able to pipe into it in the same way... For now I'll have to opt for sudo. I am not a big fan of adding a permanent option to allow any commands that need super to run without a password :/
Finding an OPINION written in a man page or on a project site does not convert it into a FACT. Use of comparatives like "simpler" (or superlatives like "best") in a discussion are usually good indicators you're reading an OPINION.
One can indeed restrict sudoers to allow commands to only run with given arguments. I've done it multiple times. One can also use meta-characters such as * to allow more arguments. As I noted before I've done a fair amount of sudoers definitions and have yet to find a task for which it couldn't be configured.
Someone who hasn't delved into sudo can't really give much detail about its capabilities much as I can't really give any detail about the capabilities of doas. If someone wants to use doas that is certainly their prerogative but spewing FUD about alternatives doesn't prove anything one way or the other. Notice that at no point did I say anything bad about "doas" - I simply indicated my preference for "sudo" and countered arguments about what it supposedly can't do.
The use of the word "simpler" in the case of doas(1) is not an opinion, it's just stating a fact. It's a simpler programme. The term is not used in man pages for doas(1) and doas.conf(5) nor the relevant FAQ.
Quote:
Originally Posted by MensaWater
spewing FUD about alternatives doesn't prove anything one way or the other.
No one was "spewing FUD", you've clearly gotten the wrong end of the stick...
doas(1) is simpler code and a simpler programme. It doesn't have all of the features and functionality of sudo(8).
You can return to argue with upper case but it won't change much. It's a fact, proven by simply looking at the code and man pages.
As you're not an OpenBSD user and clearly don't understand why doas(1) replaced sudo(8) in the base system, I suspect that all of this is the product of some unfortunate misunderstanding on your part.
Writing a small simple replacement meant that we could ship something in base which was totally unsuitable for the power sysadmin group. It could only work for me, and I would be happy. Meanwhile, those who truly needed all the flexibility of sudo would install it from ports, and they would be happy.
Be aware that sudo(8) is also maintained and developed by Todd C. Miller, an OpenBSD developer.
Quote:
Originally Posted by FOSSilized_Daemon
I wouldn't have asked this question had I known this thread would have gotten this out of hand....
You have done nothing wrong in asking this question.