Problem with doas and unbound-adblock

[epitaxial]

I'm trying to get the unbound-adblock script from https://geoghegan.ca/unbound-adblock.html working but the doas command is giving me problems.

I'm following the instructions and here is my /etc/doas.conf

Code:

permit nopass _adblock cmd rcctl args reload unbound

Running the command

Code:

epitaxial ~ $ doas -u _adblock sh /usr/local/bin/unbound-adblock.sh
doas: Operation not permitted

The script exists in that location and is marked executable. Running it as root gives the same results. This is under OpenBSD 6.7, What gives?

[victorvas]

Put an empty new line at the end of doas.conf

[TronDD]

Do you have the doas permissions to run the script as _adblock?

[LeFrettchen]

Code:

doas: Operation not permitted

Operation not permitted means it's a username-related issue.

I think TronDD asked the right question.

[epitaxial]

Quote:

Originally Posted by TronDD

Do you have the doas permissions to run the script as _adblock?

Isn't that set by doas.conf? I'm confused

[TronDD]

If that is your entire doas.conf file, you never gave anyone permission to run the script as user _adblock.

Is that your entire doas.conf file? If not, what is the whole thing?

[epitaxial]

Quote:

Originally Posted by TronDD

If that is your entire doas.conf file, you never gave anyone permission to run the script as user _adblock.

Is that your entire doas.conf file? If not, what is the whole thing?

Now that makes more sense. Here is my whole doas.conf

Code:

permit nopass epitaxial as _adblock
permit nopass _adblock cmd rcctl args reload unbound

Thanks.

[TronDD]

So user epitaxial can run the command in your first post.

doas -u _adblock sh /usr/local/bin/unbound-adblock.sh

Run it again as epitaxial. What is the output? What is in /var/log/secure?

[epitaxial]

Adding that first line to my doas.conf fixed the problem.