LinuxQuestions.org
Old 06-17-2019, 11:24 AM   #1
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Rep: Reputation: 13
[Not Really] Doas Scriptability


Hello everyone! I have a script that I am using to mount drives via dmenu. In this script a friend finally helped me to get it so I can enter sudo via dmenu; the issue is I want to use this script on my main machine, which uses doas (it runs OpenBSD). I really prefer doas as it is better in my opinion. I am unsure how to be able to enter my password via dmenu for it though. Does anyone know how to do the same thing I do here, but with doas?

Code:
#!/bin/sh

# store all non-mounted partitions
drive=$(lsblk -lp | grep "part $" | awk '{print $1, "(" $4 ")"}')

if [ "$drive" = "" ]
then
	exit 0
fi

# ask which drive to mount
chosen=$(echo "$drive" | dmenu -i -p "Mount which drive?" | awk '{print $1}')

if [ "$chosen" = "" ]
then
	exit 0
fi

# store mount directories in dirs (-maxdepth must come before -type)
dirs=$(find /mnt/ /media/ -maxdepth 3 -type d 2>/dev/null)

if [ "$dirs" = "" ]
then
	exit 0
fi

mountpoint=$(echo "$dirs" | dmenu -i -p "Type in mount point.")

# stop if nothing was entered or the directory does not exist
if [ "$mountpoint" = "" ] || [ ! -d "$mountpoint" ]
then
	printf '' | dmenu -i -p "$mountpoint does not exist"
	exit 1
fi

# enter password via dmenu
password=$(printf '' | dmenu -i -p "Enter password:")

# mount drive to mountpoint; sudo only reads the password from stdin with -S
printf '%s\n' "$password" | sudo -S mount "$chosen" "$mountpoint" && notify-send "$chosen mounted to $mountpoint."
I know storing the password in a variable is bad; this is a work in progress and I am looking into how to clear/remove these variables once the script is finished.

Marked as solved, I mean it isn't yet; but people are getting kinda heated so I'll close it...

Last edited by FOSSilized_Daemon; 06-18-2019 at 10:41 AM.
 
Old 06-17-2019, 11:41 AM   #2
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,047
Blog Entries: 3

Rep: Reputation: 1951
I would try a different way, if you are using sudo. If you are careful, you can specify a pattern in your /etc/sudoers file and then precede it with NOPASSWD.
 
Old 06-17-2019, 11:52 AM   #3
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Original Poster
Rep: Reputation: 13
Quote:
Originally Posted by Turbocapitalist View Post
I would try a different way, if you are using sudo. If you are careful, you can specify a pattern in your /etc/sudoers file and then precede it with NOPASSWD.
I myself prefer to enter it, but I would love to use doas instead as it seems like a more simple way of doing what sudo does in my opinion.
 
Old 06-17-2019, 11:58 AM   #4
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,047
Blog Entries: 3

Rep: Reputation: 1951
doas can only take strings, not patterns, so you'd have to enumerate the options. That can be a problem if there are many.

With sudo you can try a pattern:

Code:
%foss ALL=(root:root) /bin/mount /dev/sd[a-f][0-9] /mnt[0-9]
 
Old 06-17-2019, 12:09 PM   #5
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,795
Blog Entries: 15

Rep: Reputation: 1645
Funny - I just read up on "doas" as I wasn't familiar with it. The primary reason one writer gives is because it is "runas on steroids" and implies that sudo can't do runas. In point of fact sudo allows runas_alias definitions in its sudoers file so does in fact allow for runas. I've used them here for years.

There isn't anything I've tried to accomplish with sudo that I wasn't able to do. I've used sudo on HP-UX, Solaris and Linux and *BSD and never saw any need for a replacement.

From my brief read it appears you can do a lot with doas as well.

Saying doas is superior (or sudo is superior) is purely subjective.

Such opinions, much like everything else in computing, are often based on how the person giving the opinion originally learned to do things. Years ago all AIX admins claimed it was the best UNIX variant but invariably it was the first (or only) one they'd used. The rest of us who learned other variants (AT&T, SCO, HP-UX, Solaris) first all hated AIX. Me, I liked AT&T then loved SCO and later HP-UX. When I ran across Solaris I disliked it but not quite as much as when I'd first run across AIX. Of course these days I use mostly Linux but the arguments about which distro is best seem to follow the same pattern.
 
Old 06-17-2019, 12:43 PM   #6
jggimi
Member
 
Registered: Jan 2016
Distribution: None. Just OpenBSD.
Posts: 214

Rep: Reputation: 89
The doas(1) utility is certainly simpler than sudo(1). That simplicity can be an aid to security. But it can also limit certain activities. As an example, the doas.conf(5) permit|deny rule can be provisioned with command arguments, but the arguments must match exactly, there is no wildcard globbing, there are no regular expressions.

When I script with doas(), I either accept that I will need to authenticate, or I have rules that permit a specific command (and optional, complete argument string) to be used with the nopass option.

Last edited by jggimi; 06-17-2019 at 12:44 PM.
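
The point made in posts #4 and #6, that doas.conf matches arguments exactly so every allowed combination has to be listed, shown as an added example that is not part of any poster's message. The user `foss`, the device and mount point names, the `/sbin/mount` path and the function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: expand device/mountpoint pairs into exact-match doas.conf rules.
# Assumptions (not from the thread): user "foss", OpenBSD-style device names,
# /sbin/mount as the mount binary, and the helper names used here.

# Accept only absolute paths built from safe characters, so a value cannot
# smuggle extra doas.conf tokens (spaces, quotes, '#', globs) or ".." into a rule.
safe_path() {
	case "$1" in
		/*) ;;
		*) return 1 ;;
	esac
	case "$1" in
		*[!A-Za-z0-9/_.-]*|*..*) return 1 ;;
	esac
	return 0
}

# gen_doas_rules USER "DEV1 DEV2 ..." "DIR1 DIR2 ..."
# Prints one rule per (device, mountpoint) pair; exits non-zero on unsafe input.
# The body is a subshell so that "set -f" (no glob expansion) stays local.
gen_doas_rules() (
	set -f
	user=$1; devs=$2; dirs=$3
	case "$user" in
		''|*[!a-z0-9_-]*) echo "bad user: $user" >&2; exit 1 ;;
	esac
	for dev in $devs; do
		safe_path "$dev" || { echo "bad device: $dev" >&2; exit 1; }
		for dir in $dirs; do
			safe_path "$dir" || { echo "bad mountpoint: $dir" >&2; exit 1; }
			printf 'permit nopass %s as root cmd /sbin/mount args %s %s\n' \
				"$user" "$dev" "$dir"
		done
	done
)

# Constructed sample input: two partitions and two mount points give four rules.
gen_doas_rules foss "/dev/sd1i /dev/sd2i" "/mnt/usb0 /mnt/usb1"
```

On OpenBSD, `doas -C /etc/doas.conf /sbin/mount /dev/sd1i /mnt/usb0` reports how a given command line would be matched once the generated rules are in place.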
 
Old 06-17-2019, 01:09 PM   #7
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Original Poster
Rep: Reputation: 13
Quote:
Originally Posted by jggimi View Post
The doas(1) utility is certainly simpler than sudo(1). That simplicity can be an aid to security. But it can also limit certain activities. As an example, the doas.conf(5) permit|deny rule can be provisioned with command arguments, but the arguments must match exactly, there is no wildcard globbing, there are no regular expressions.

When I script with doas(), I either accept that I will need to authenticate, or I have rules that permit a specific command (and optional, complete argument string) to be used with the nopass option.
That is unfortunate... I guess I could add a patch to doas to be able to pipe into it in the same way... For now I'll have to opt for sudo. I am not a big fan of adding a permanent option to allow any commands that need super to run without a password :/
 
Old 06-17-2019, 01:27 PM   #8
jggimi
Member
 
Registered: Jan 2016
Distribution: None. Just OpenBSD.
Posts: 214

Rep: Reputation: 89
You might experiment with one of the alternative authentication methods offered by $ doas -a <style>.
 
Old 06-17-2019, 02:10 PM   #9
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,795
Blog Entries: 15

Rep: Reputation: 1645
Quote:
Originally Posted by jggimi View Post
simpler
Finding an OPINION written in a man page or on a project site does not convert it into a FACT. Use of comparatives like "simpler" (or superlatives like "best") in a discussion are usually good indicators you're reading an OPINION.

One can indeed restrict sudoers to allow commands to only run with given arguments. I've done it multiple times. One can also use meta-characters such as * to allow more arguments. As I noted before I've done a fair amount of sudoers definitions and have yet to find a task for which it couldn't be configured.

Someone who hasn't delved into sudo can't really give much detail about its capabilities much as I can't really give any detail about the capabilities of doas. If someone wants to use doas that is certainly their prerogative but spewing FUD about alternatives doesn't prove anything one way or the other. Notice that at no point did I say anything bad about "doas" - I simply indicated my preference for "sudo" and countered arguments about what it supposedly can't do.
 
Old 06-17-2019, 02:34 PM   #10
jggimi
Member
 
Registered: Jan 2016
Distribution: None. Just OpenBSD.
Posts: 214

Rep: Reputation: 89
Here's some actual fact.
Code:
$ man doas.conf | wc
      96     497    4490
$ man sudo.conf | wc
     434    2489   21139
But I'm not here to argue. Just to point out that sudo(1) might be a better fit for use-cases such as this one.
 
Old 06-17-2019, 05:45 PM   #11
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,284
Blog Entries: 5

Rep: Reputation: 1507
Quote:
Originally Posted by MensaWater View Post
Finding an OPINION written in a man page or on a project site does not convert it into a FACT. Use of comparatives like "simpler" (or superlatives like "best") in a discussion are usually good indicators you're reading an OPINION.
The use of the word "simpler" in the case of doas(1) is not an opinion, it's just stating a fact. It's a simpler programme. The term is not used in man pages for doas(1) and doas.conf(5) nor the relevant FAQ.
Quote:
Originally Posted by MensaWater View Post
spewing FUD about alternatives doesn't prove anything one way or the other.
No one was "spewing FUD", you've clearly gotten the wrong end of the stick...

Last edited by cynwulf; 06-17-2019 at 05:57 PM.
 
Old 06-18-2019, 08:08 AM   #12
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,795
Blog Entries: 15

Rep: Reputation: 1645
Your OPINION that the OPINION stated is correct does not make it a FACT.
 
Old 06-18-2019, 08:27 AM   #13
jggimi
Member
 
Registered: Jan 2016
Distribution: None. Just OpenBSD.
Posts: 214

Rep: Reputation: 89
Wow. And all I did was recommend the utility YOU PREFER.

Jeebus.
 
Old 06-18-2019, 10:40 AM   #14
FOSSilized_Daemon
Member
 
Registered: Mar 2019
Posts: 188

Original Poster
Rep: Reputation: 13
Quote:
Originally Posted by jggimi View Post
Wow. And all I did was recommend the utility YOU PREFER.

Jeebus.
I wouldn't have asked this question had I known this thread would have gotten this out of hand....
 
Old 06-18-2019, 10:48 AM   #15
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,284
Blog Entries: 5

Rep: Reputation: 1507
Quote:
Originally Posted by MensaWater View Post
Your OPINION that the OPINION stated is correct does not make it a FACT.
https://cvsweb.openbsd.org/src/usr.bin/doas/

https://www.sudo.ws/repos/sudo/file/1.8/src

doas(1) is simpler code and a simpler programme. It doesn't have all of the features and functionality of sudo(8).

You can return to argue with upper case but it won't change much. It's a fact, proven by simply looking at the code and man pages.

As you're not an OpenBSD user and clearly don't understand why doas(1) replaced sudo(8) in the base system, I suspect that all of this is the product of some unfortunate misunderstanding on your part.

https://flak.tedunangst.com/post/doas

Quote:
Writing a small simple replacement meant that we could ship something in base which was totally unsuitable for the power sysadmin group. It could only work for me, and I would be happy. Meanwhile, those who truly needed all the flexibility of sudo would install it from ports, and they would be happy.
Be aware that sudo(8) is also maintained and developed by Todd C. Miller, an OpenBSD developer.

Quote:
Originally Posted by FOSSilized_Daemon View Post
I wouldn't have asked this question had I known this thread would have gotten this out of hand....
You have done nothing wrong in asking this question.

Last edited by cynwulf; 06-18-2019 at 11:00 AM.
 
2 members found this post helpful.
  

