From: Matthias Kilian <kili@outback.escape.de>
Subject: Re: Investigating adding functionality to doas
To: Aaron Rainbolt <arainbolt@kfocus.org>
Cc: tech@openbsd.org, adrelanos@kicksecure.com
Date: Fri, 29 Nov 2024 05:06:52 +0100

Hi,

On Thu, Nov 28, 2024 at 07:06:02PM -0600, Aaron Rainbolt wrote:
> * All doas configuration has to go into a single '/etc/doas.conf' file,
>   which makes it difficult for a Linux distro to make use of doas as
>   the default privilege escalation utility in place of sudo. If a tool
>   needs to be able to be run by all users or a particular user as root
>   without a password, the user has to explicitly configure that
>   themselves, the tool can't ship a doas configuration "snippet" that
>   allows it.

About those config "snippets": I had a very bad time figuring out
on one of those super-clever linux systems why a "PasswordAuthentication
no" in /etc/ssh/sshd_config didn't work. The reason was that they
by default put a file into /etc/ssh/sshd_config.d with
"PasswordAuthentication yes" (and didn't document it anywhere). So
I had to disable this with an /etc/ssh/sshd_config.d/000-go-fuck-yourself
with "PasswordAuthentication no".

Do you still think that configuration snippets for security related
tools installed by arbitrary packages are a clever idea?

Ciao,
	Kili
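
The failure mode described in the message above, as an added example that is not part of the original mail: a small resolver that reports which file supplies the effective value of an sshd keyword and which definitions are silently shadowed. It relies on sshd_config(5) behaviour (the first value obtained for a keyword wins, and Include globs expand in lexical order); the file names and the `Include sshd_config.d/*.conf` line are constructed sample data, and `Match` blocks are ignored as a simplification.

```python
import glob
import os
import re
import tempfile

def definitions(path, keyword, base_dir):
    """List (file, line_no, value) for each global-scope setting of keyword, in sshd's read order."""
    found = []
    with open(path) as fh:
        for line_no, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = re.split(r"[\s=]+", line, maxsplit=1)
            key, arg = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
            if key == "match":
                break  # simplification: conditional blocks are not evaluated
            if key == "include":
                for pattern in arg.split():
                    if not os.path.isabs(pattern):  # relative includes resolve against the config dir
                        pattern = os.path.join(base_dir, pattern)
                    for inc in sorted(glob.glob(pattern)):  # lexical order
                        found += definitions(inc, keyword, base_dir)
            elif key == keyword.lower():
                found.append((path, line_no, arg))
    return found

def effective(path, keyword, base_dir):
    """Return (winning definition or None, list of shadowed definitions)."""
    defs = definitions(path, keyword, base_dir)
    return (defs[0] if defs else None), defs[1:]

def build_sample(root, with_override):
    """Constructed layout: main file says 'no', a package drop-in says 'yes'."""
    os.makedirs(os.path.join(root, "sshd_config.d"))
    files = {"sshd_config": "Include sshd_config.d/*.conf\nPasswordAuthentication no\n",
             "sshd_config.d/50-package.conf": "PasswordAuthentication yes\n"}
    if with_override:  # admin's own drop-in, named to sort first
        files["sshd_config.d/000-local.conf"] = "PasswordAuthentication no\n"
    for rel, body in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
    return os.path.join(root, "sshd_config")

if __name__ == "__main__":
    for with_override in (False, True):
        with tempfile.TemporaryDirectory() as root:
            winner, shadowed = effective(build_sample(root, with_override), "PasswordAuthentication", root)
            print("effective:", os.path.basename(winner[0]), winner[2],
                  "| shadowed:", [(os.path.basename(f), v) for f, _, v in shadowed])
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative check; the resolver above only adds which file each value came from.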