security/doas can't work with zsh alias

Polytropon freebsd at
Tue Jun 27 06:14:08 UTC 2017

On Mon, 26 Jun 2017 20:25:02 +0800, alphachi wrote:
> I'm preparing to migrate to doas and the following commands are my test:
> % cat /usr/local/etc/doas.conf
> permit nopass keepenv fbsd as root
> permit nopass keepenv root as root
> % id -nu
> fbsd
> % doas id -nu
> root
> % echo $SHELL
> /usr/local/bin/zsh
> % doas echo $SHELL
> /usr/local/bin/zsh
> % alias
> vi=vim
> % doas alias
> %
> As this shows, doas doesn't know this alias, so "doas vi" can't invoke
> installed vim.
> Is this reasonable or just my mistake? How to enable zsh alias for doas?

A possible explanation is that the subshell that executes the
"alias" (internal) command provided through doas does not inherit
the environment that stored the alias for the user shell; in
such a case, root's environment (without the alias) will be
used while the doas shell is running, that's why the "vi=vim"
setting is not in that environment.

However, that exactly seems to conflict with the "keepenv"
option provided by doas.conf, except of course aliases are
being handled independently from environmental variables
(which the "env" in "keepenv" could refer to).

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list