Solved security/doas can't work with zsh alias

Code:
% cat /usr/local/etc/doas.conf
permit nopass keepenv fbsd as root
permit nopass keepenv root as root
% id -nu
fbsd
% doas id -nu
root
% echo $SHELL
/usr/local/bin/zsh
% doas echo $SHELL
/usr/local/bin/zsh
% alias
vi=vim
% doas alias
%
% doas -s 
# alias
vi=vim

As this shows, doas doesn't know any alias, so "doas vi" can't invoke installed vim. Now I have to run "doas -s" in a tmux window and stay it for alias requirements.

Is this reasonable or just my mistake? How to enable zsh alias for doas? Thanks!
 
I know it doesn't work with any shell on base system like csh/tcsh, so I want to try another shell in Ports like zsh.
 
I think tingo's point was that doas and sudo are supposed to work with commands, not aliases. I've never tried running an alias with sudo, bur I just tried and found that an alias created interactively in a shell session doesn't carry over when running sudo -Es either. So you'll need to try setting the alias in the shell configuration file for each user. If they don't work then, they won't work at all.

On top of tingo's question, I would ask: What's the difference between a regular user account with complete, password-free administrative access, and the root account?
 
sudo(8) wipes the environment except the variables mentioned with env_keep. Never really tested it with aliases but I'm pretty sure those are wiped along with the environment. I'm betting doas(1) does something similar.

It would be a serious security risk if aliases were inherited from the user. Imagine what would happen if the vi alias, besides opening the editor, also resets the root password?
 
doas doesn't know any alias
Yes, the simple technical reason is that it does not use a shell to execute the commands you give it. It just uses plain old regular execvp(2).

There is however a trick you can use to tell zsh to expand aliases for the word after doas before executing the command line (see zshmisc(1) under ALIASING). Just add this to your ~/.zshrc:
Code:
alias doas='doas '
% doas echo $SHELL
This doesn't do what you think it does. $SHELL is expanded by your local shell before doas even runs and its value is then simply passed to /bin/echo as an argument.
 
It works:
Code:
alias doas='doas '
Then I RTFM zshmisc(1):
ALIASING
Every eligible word in the shell input is checked to see if there is an
alias defined for it. If so, it is replaced by the text of the alias
if it is in command position (if it could be the first word of a simple
command), or if the alias is global. If the replacement text ends with
a space, the next word in the shell input is always eligible for pur-
poses of alias expansion.
An alias is defined using the alias builtin;
global aliases may be defined using the -g option to that builtin.​
Thanks for your help. I have marked this thread as "Solved".
 
Back
Top