mirror of
https://github.com/slicer69/doas
synced 2024-09-28 20:23:31 +00:00
Added the "nolog" configuration file flag which allows specified
users to perform commands without successful commands being logged to syslogd. Added documentation to doas.conf manual page and doas.conf.sample files to include tips and an example of the "nolog" flag in action. The "nolog" flag is a feature of OpenBSD's doas command and has been introduced for compatibility and as an optional way to avoid filling up system logs with successful doas calls.
parent
1110295035
commit
91622fcbb1
8
doas.c
8
doas.c
|
@ -557,8 +557,12 @@ main(int argc, char **argv)
|
|||
err(1, "pledge");
|
||||
*/
|
||||
|
||||
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
|
||||
myname, cmdline, target_pw->pw_name, cwd);
|
||||
/* skip logging if NOLOG is set */
|
||||
if (!(rule->options & NOLOG))
|
||||
{
|
||||
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
|
||||
myname, cmdline, target_pw->pw_name, cwd);
|
||||
}
|
||||
|
||||
envp = prepenv(rule, original_pw, target_pw);
|
||||
|
||||
|
|
|
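Review bot: The new guard `if (!(rule->options & NOLOG))` in main() drops the only record of a successful privileged command that this hunk shows, and the comment `/* skip logging if NOLOG is set */` does not say what is lost or what is kept. I would expand it to something like `/* nolog: suppress only the success record; denied and failed-auth attempts must still reach syslog */` and confirm that the syslog calls on the denial and authentication-failure paths, which are outside this hunk, are not gated on the same flag. Because a rule can presumably carry both nopass and nolog, the manual entry would benefit from advising that nolog be limited to rules narrowed with cmd (and args where possible), as the sample rule for david does with `cmd id`. main() starts and ends outside the hunk.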
@ -47,6 +47,9 @@ Options are:
|
|||
.Bl -tag -width keepenv
|
||||
.It Ic nopass
|
||||
The user is not required to enter a password.
|
||||
.It Ic nolog
|
||||
Do not log successful command execution to
|
||||
.Xr syslogd.
|
||||
.It Ic persist
|
||||
After the user successfully authenticates, do not ask for a password
|
||||
again for some time. Works on OpenBSD only, persist is not available on Linux or FreeBSD.
|
||||
|
|
|
@ -16,3 +16,7 @@ permit keepenv bob as root
|
|||
# to perform package updates and upgrades.
|
||||
permit cindy as root cmd pkg args update
|
||||
permit cindy as root cmd pkg args upgrade
|
||||
|
||||
# Allow david to run id command as root without logging it
|
||||
permit nolog david as root cmd id
|
||||
|
||||
|
|
1
doas.h
1
doas.h
|
@ -43,6 +43,7 @@ struct passwd *copyenvpw(struct passwd *original);
|
|||
#define NOPASS 0x1
|
||||
#define KEEPENV 0x2
|
||||
#define PERSIST 0x4
|
||||
#define NOLOG 0x8
|
||||
|
||||
#ifndef UID_MAX
|
||||
#define UID_MAX 65535
|
||||
|
|
6
parse.y
6
parse.y
|
@ -71,7 +71,7 @@ arraylen(const char **arr)
|
|||
%}
|
||||
|
||||
%token TPERMIT TDENY TAS TCMD TARGS
|
||||
%token TNOPASS TPERSIST TKEEPENV TSETENV
|
||||
%token TNOPASS TNOLOG TPERSIST TKEEPENV TSETENV
|
||||
%token TSTRING
|
||||
|
||||
%%
|
||||
|
@ -137,6 +137,9 @@ options: /* none */ {
|
|||
option: TNOPASS {
|
||||
$$.options = NOPASS;
|
||||
$$.envlist = NULL;
|
||||
} | TNOLOG {
|
||||
$$.options = NOLOG;
|
||||
$$.envlist = NULL;
|
||||
} | TPERSIST {
|
||||
$$.options = PERSIST;
|
||||
$$.envlist = NULL;
|
||||
|
@ -210,6 +213,7 @@ static struct keyword {
|
|||
{ "cmd", TCMD },
|
||||
{ "args", TARGS },
|
||||
{ "nopass", TNOPASS },
|
||||
{ "nolog", TNOLOG },
|
||||
{ "persist", TPERSIST },
|
||||
{ "keepenv", TKEEPENV },
|
||||
{ "setenv", TSETENV },
|
||||
|
|