Draft: main/doas make doas.d world readable for testing/doasedit: new aport
I am currently packaging a doasedit,
and it appears that the current permissions on
/etc/doas.d/
(set by commit 169b082f) break the doas -C $doas.d $prog
feature -
or rather makes it a feature that can only be used by root.
This MR reverts 169b082f and updates the doas.post-* scripts to chmod existing configs.
This MR also contains the new doasedit, although this can be split off on it's own of course.
More detailed Background:
I've created an /etc/doas.d/doasedit.conf
with contents:
permit :wheel cmd doasedit
But when I run $ doas -C /etc/doas.d doasedit
I get the error:
doas: could not open config directory /etc/doas.d: Permission denied
Once I've ran # chmod o+rx /etc/doas.d
the error is resolved.
At that point $ doas -C /etc/doas.d doasedit
reports:
permit
Whereas $ doas -u guest doas -C /etc/doas.d doasedit
reports:
deny