diff options
| author |   kn <kn@openbsd.org> | 2020-10-09 00:04:05 +0000 |
|---|---|---|
| committer | kn <kn@openbsd.org> | 2020-10-09 00:04:05 +0000 |
| commit | 91fb18fc81ed4cd273b09b4d1e341418c5c399d3 (patch) | |
| tree | 3105e0033937a18d3cdf851272e49e10d3ff7fb8 | |
| parent | Add regress for ocspcheck (diff) | |
| download | wireguard-openbsd-91fb18fc81ed4cd273b09b4d1e341418c5c399d3.tar.xz wireguard-openbsd-91fb18fc81ed4cd273b09b4d1e341418c5c399d3.zip | |
Improve error message on missing permission
In case "cmd" (and "args") in doas.conf(5) mismatch, the log syslog(3)
message might be read as if the command was executed but failed, i.e.
returned non-zero.
Be unambiguous and help admins spot execution *attempts* as such:
-Oct 9 01:05:20 eru doas: failed command for kn: echo bar
+Oct 9 01:05:20 eru doas: command not permitted for kn: echo bar
OK tedu deraadt
| -rw-r--r-- | usr.bin/doas/doas.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index a723c67a3eb..e25b509e532 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.82 2019/10/18 17:15:45 tedu Exp $ */ +/* $OpenBSD: doas.c,v 1.83 2020/10/09 00:04:05 kn Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -396,7 +396,7 @@ main(int argc, char **argv) if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, - "failed command for %s: %s", mypw->pw_name, cmdline); + "command not permitted for %s: %s", mypw->pw_name, cmdline); errc(1, EPERM, NULL); } |