zapper wrote:

soren wrote:

Do you have other users on your machines? I dont understand the reasoning to deny root via doas if you are the sole user?

A few things, one of which being its a habit I have to use doas -s

I don't think its a wise behaviour if connected to internet

permit zapper as root
deny zapper as root cmd /bin/bash

Ok, but what about su?
su will still be able to get a shell wont it?
Or is the behavior you want, just to deny zapper root via doas.conf?
I would want to deny zapper via su as well if that is your threat model.

zapper wrote:

soren wrote:

I was confused what OP wanted to achieve.

Your answer looks to be the best after tinkering with doas config file.

This did in fact work! Thank you.

@chris2be8  I suppose it could give a false sense of security, but its also a habit I want to be better at fighting as well.

I sometimes become root this way a hell of a lot. So... yeah.

Btw, clarifying thank you @aitor

Just making sure you know that.

Do you have other users on your machines? I dont understand the reasoning to deny root via doas if you are the sole user?

aitor wrote:

zapper wrote:

This could be potentially helpful for me on any operating system as well and other people's too.

Does anyone know how to disallow the parameter that allows the user to become root?

doas -s

keeping all the power doas already has, but without allowing user to become fully root by doas -s and only that.

su must remain the same though as a huge edit and as said, the rest of doas as well.

Did you try with the following ruleset in your /etc/doas.conf?

permit zapper as root
deny zapper as root cmd /bin/bash

You can define more rules for other shells like /bin/sh, /bin/zsh, ...

I was confused what OP wanted to achieve.

Your answer looks to be the best after tinkering with doas config file.

zapper wrote:

golinux wrote:

@chris2be8 . . . Thanks for the great description. Found it . . . I think . . .

Which one is it? Just curious

The one I'm referring to was in issue 269, so it should be number 109 (number 099 was in issue 259). But that site won't show it.

I have a nasty suspicion you can't see the cartoons in the last year (you probably need a subscription). Sorry.

@chris2be8 . . . Thanks for the great description. Found it . . . I think . . .

zapper wrote:

Which tty are you using to log in?

Usually tty1-tty4 work and in my experience, the others are not so great and refuse to work.

I could get in only into 1 tty. I'll soon check what /etc/inittab says. Maybe something is still missing or Fujitsu's keyboard is a bit faulty.

It kind of made sense that i cannot get into root account by using "su -" if i enter wrong password too many times. But now i think that it could be unrealiable caps lock key/light also.

Why should it be? Showcasing stupidity might be a positive and informative experience for some. IOW . . . don't post detritus that deserves to be taken down in the first place . . .

amaro wrote:

The current color scheme is perfect. And as the saying goes, If it is not broken, don't change it.

Thanks! I hope you will feel the same about Daedalus Sapphire if/when it happens . . .

golinux wrote:

@brday . . . I don't understand your question. AFAIK weekly builds of the daedalus (testing) installer-iso are updated every Monday and available for download on our mirrors.

My question was about the repositories, latest or quarterly. In the system installation or already installed system, is there any way to modify the file containing the repositories, changing the quarterly repositories for latest repositories?