DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 4th November 2018
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 28
Default Doas.conf question

I am trying to set up my desktop with OpenBSD 6.4 to easily allow a user (myself) to mount and umount usb sticks.
So far I have been unable to mount or unmount as a user. This is what I have in my /etc/doas.conf file:

permit nopass staus as root cmd /sbin/mount
permit nopass staus as root cmd /sbin/umount

doas -C /etc/doas.conf exits without error, I think.

If I run doas -C /etc/doas.conf mount, I will get deny. (I also cannot mount the usb stick to my home directory, if I run doas mount /dev/sd2i <my dir>.

I have all the latest syspatches installed.
Any ideas. It is driving me nuts going through man pages and internet searches.
Reply With Quote
  #2   (View Single Post)  
Old 4th November 2018
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,503
Default

http://www.undeadly.org/cgi?action=a...20160715125022
Reply With Quote
  #3   (View Single Post)  
Old 4th November 2018
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 28
Default

Does this mean that 6.4 does not support user mounting?
If so, the man pages are woefully out of date.

I don't mind switching to root to mount a memory stick, but I was hoping to make it more convenient.

Thanks for the information.
Reply With Quote
  #4   (View Single Post)  
Old 4th November 2018
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

When want to mount drive or usb using doas, I copy the doas.conf file in the /etc/examples directory up to the /etc directory.

Then I mount with::

doas mount /dev/sd1i /mnt

Where:
1 is drive number
i is partition letter

And unmount with:

doas umount /mnt

If it gets annoying typing your user password every time, you can add 'persist' to the 'permit' command like so:

permit persist keepenv :wheel
Reply With Quote
  #5   (View Single Post)  
Old 4th November 2018
vns3 vns3 is offline
Port Guard
 
Join Date: Sep 2017
Posts: 25
Default

I am _pretty sure_ that when you use the nopass option with the full path specified, it requires that you use the exact string (i.e. the full path) in the config file.

So with your current config ...
Code:
doas /sbin/mount /some/device /some/directory
... should work without a password.

If you change the config file to just "mount" and "umount" I think that it will work like you expect it to, BUT that could be less secure, I remember reading somewhere in the man pages (can't find it now) that anyone could make a script called "mount" or "unmount" and run it with the nopass option, if your doas.conf is configured without the full path to the executable.

Last edited by vns3; 5th November 2018 at 12:13 AM.
Reply With Quote
  #6   (View Single Post)  
Old 5th November 2018
staus staus is offline
Port Guard
 
Join Date: May 2014
Posts: 28
Default

Thanks to all for your inputs. I created a usermount group. doas now works fairly well with my blackbox menu. No password required to mount dvds or usb memory sticks.
I'm very impressed with 6.4. So far it works well on my laptops and desktop. I may give up on Slackware eventually.
Reply With Quote
  #7   (View Single Post)  
Old 8th November 2018
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 652
Default

https://https.www.google.com.tedunan...t/doas-mastery 2 years old by now, and I'm late to the party, but I always find this one useful. (As most folks know, the persist option doesn't work on FreeSBD.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Restrict doas.conf to syspatch only bsd007 OpenBSD Security 19 19th October 2018 01:05 AM
httpd rc.conf.local question psypro OpenBSD General 3 30th October 2016 05:54 PM
N00b question - /etc/man.conf bceverly OpenBSD Packages and Ports 2 16th June 2015 05:28 PM
dhcpd.conf question bsdsource OpenBSD General 4 11th May 2014 05:30 AM
pf.conf label question toro7 OpenBSD Security 9 5th January 2012 08:56 PM


All times are GMT. The time now is 03:03 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick