Comments (4)
Duncaen
commented on August 15, 2024
This should work with nopass set, I'm unable to reproduce the issue, maybe share the used configuration line.
And are you using pam or shadow authentication?
from opendoas.
magiruuvelvet
commented on August 15, 2024
permit nopass http cmd pihole
permit nopass http cmd /usr/bin/pihole
I use PAM for authentication. I tried to set a password for the user, but it still freezes and I can't figure out where exactly it hangs. Could this be PAM related?
EDIT: sudo also used PAM on my system. I removed sudo by now. Distro is Gentoo Linux
from opendoas.
magiruuvelvet
commented on August 15, 2024
I figured out the problem. For testing purposes I was running doas command from within a su - user session to see if the rules are working. This makes PAM unhappy for some reason. su is using PAM too on my system.
Testing some privileged features from the pihole web interface are working and I can see the doas process for a second in my process monitor.
I guess this is a PAM security feature to deny nested authentications or something.
from opendoas.
Duncaen
commented on August 15, 2024
Weird, nested pam sessions should generally work as login or your desktop manager also open a session in which you are running sudo or doas.
Are you sure its hanging in doas and not in su or the executed program?
I'm not really sure how to debug this properly other than a bunch of printf's in doas, attaching gdb or maybe somehow getting coredumps to work with the setuid binary and sending SIGABRT/SIGSEGV to see where it hangs if it is in doas and/or pam.
from opendoas.
Related Issues (20)
- Dead project? HOT 2
- [Feature Request] Adding `askpass` Support HOT 3
- `question:` How to run nobody under root ? HOT 2
- Failed to power off system via logind: Interactive authentication required. HOT 1
- security vulnerability: TIOCSTI tty character injection HOT 20
- Cross compiling is broken
- Permit with variable arguments
- FreeBSD persist support? HOT 1
- zsh completions? HOT 1
- Document the intended behavior of persist.
- `go build` fails when using `doas` HOT 4
- Pull request adding GitHub Actions CI welcome? HOT 1
- Show asterisks while typing. HOT 2
- arguments not passed HOT 3
- wrong shell HOT 10
- doas prints pam conversation to stdout HOT 1
- not rely a issue but question HOT 1
- [Bug Report] Incorrect result when using "-C" option HOT 3
- Add a 3 retries HOT 1
- ordering of rules affects operation HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opendoas.