zapper wrote:

@jwmkit what about cpu resources for jwmkit on daedalus vs chimaera

Wow!, I don't know how I missed your post.  It's been more than a month. I hope you didn't think I was ignoring you. Sorry.

I understand the concern of CPU usage.  Not only for performance, but battery life. I did not compare CPU usage of Daedalus with previous releases. Although I always keep an eye on HTOP,, and I can tell you CPU usage seemed pretty low, and I don't think it should be a concern.

Of course CPU usage is just like RAM usage.  Any noticeable difference is usually the result of additional services and software you install/configure.

Do you mean remove mentions in that file with 12K lines of all the mentions that dont work?
You would need to get a list of the ones that dont work and comment them out in that file so they dont run.

zapper wrote:

soren wrote:

Do you have other users on your machines? I dont understand the reasoning to deny root via doas if you are the sole user?

A few things, one of which being its a habit I have to use doas -s

I don't think its a wise behaviour if connected to internet

permit zapper as root
deny zapper as root cmd /bin/bash

Ok, but what about su?
su will still be able to get a shell wont it?
Or is the behavior you want, just to deny zapper root via doas.conf?
I would want to deny zapper via su as well if that is your threat model.

zapper wrote:

soren wrote:

I was confused what OP wanted to achieve.

Your answer looks to be the best after tinkering with doas config file.

This did in fact work! Thank you.

@chris2be8  I suppose it could give a false sense of security, but its also a habit I want to be better at fighting as well.

I sometimes become root this way a hell of a lot. So... yeah.

Btw, clarifying thank you @aitor

Just making sure you know that.

Do you have other users on your machines? I dont understand the reasoning to deny root via doas if you are the sole user?

aitor wrote:

zapper wrote:

This could be potentially helpful for me on any operating system as well and other people's too.

Does anyone know how to disallow the parameter that allows the user to become root?

doas -s

keeping all the power doas already has, but without allowing user to become fully root by doas -s and only that.

su must remain the same though as a huge edit and as said, the rest of doas as well.

Did you try with the following ruleset in your /etc/doas.conf?

permit zapper as root
deny zapper as root cmd /bin/bash

You can define more rules for other shells like /bin/sh, /bin/zsh, ...

I was confused what OP wanted to achieve.

Your answer looks to be the best after tinkering with doas config file.

zapper wrote:

golinux wrote:

@chris2be8 . . . Thanks for the great description. Found it . . . I think . . .

Which one is it? Just curious

The one I'm referring to was in issue 269, so it should be number 109 (number 099 was in issue 259). But that site won't show it.

I have a nasty suspicion you can't see the cartoons in the last year (you probably need a subscription). Sorry.

@chris2be8 . . . Thanks for the great description. Found it . . . I think . . .

zapper wrote:

Which tty are you using to log in?

Usually tty1-tty4 work and in my experience, the others are not so great and refuse to work.

I could get in only into 1 tty. I'll soon check what /etc/inittab says. Maybe something is still missing or Fujitsu's keyboard is a bit faulty.

It kind of made sense that i cannot get into root account by using "su -" if i enter wrong password too many times. But now i think that it could be unrealiable caps lock key/light also.