doas and */sbin/* commands
0 views
Skip to first unread message
fatty.merc...@aceecat.org
Feb 26, 2026, 4:17:26 PMFeb 26
to ques...@freebsd.org
Ok, so I'm trying doas again (it's an on/off affair, I'm not convinced
of its benefits yet). This has me stumped:
2+0 ~$ doas printenv
DOAS_USER=itz
HOME=/root
LOGNAME=root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SHELL=/bin/sh
TERM=alacritty
USER=root
3+0 ~$ doas which service
/usr/sbin/service
4+0 ~$ doas service
doas: service: command not found
I know it's trivial to just type the full pathname, but it's still
inconvenient. So what is happening here, and can I have the sbin things
in PATH for doas but not otherwise?
--
Ian
of its benefits yet). This has me stumped:
2+0 ~$ doas printenv
DOAS_USER=itz
HOME=/root
LOGNAME=root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SHELL=/bin/sh
TERM=alacritty
USER=root
3+0 ~$ doas which service
/usr/sbin/service
4+0 ~$ doas service
doas: service: command not found
I know it's trivial to just type the full pathname, but it's still
inconvenient. So what is happening here, and can I have the sbin things
in PATH for doas but not otherwise?
--
Ian
TR Kellers, Sr
Feb 26, 2026, 4:28:37 PMFeb 26
to fatty.merc...@aceecat.org, ques...@freebsd.org
> On Feb 26, 2026, at 4:17 PM, fatty.merc...@aceecat.org wrote:
>
> Ok, so I'm trying doas again (it's an on/off affair, I'm not convinced
Tim
timothyk@nexttroll:~ % doas printenv
DOAS_USER=timothyk
HOME=/root
LOGNAME=root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SHELL=/bin/sh
TERM=xterm-256color
LOGNAME=root
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
SHELL=/bin/sh
USER=root
timothyk@nexttroll:~ % doas which service
/usr/sbin/service
timothyk@nexttroll:~ % doas service
Usage:
service [-j <jail name or id>] -e
service [-j <jail name or id>] [-q] -R
service [-j <jail name or id>] [-v] -l
service [-j <jail name or id>] [-v] -r
service [-j <jail name or id>] [-dqv] [-E var=value] <rc.d script> start|stop|etc.
service -h
-d Enable debugging of rc.d scripts
-j Perform actions within the named jail
-E n=val Set variable n to val before executing the rc.d script
-e Show services that are enabled
-R Stop and start enabled /usr/local/etc/rc.d services
-l List all scripts in /etc/rc.d and /usr/local/etc/rc.d
-r Show the results of boot time rcorder
-q quiet
-v Verbose
fatty.merc...@aceecat.org
Feb 26, 2026, 5:32:49 PMFeb 26
to ques...@freebsd.org
On Thu, Feb 26, 2026 at 04:28:00PM -0500, TR Kellers, Sr wrote:
> > 2+0 ~$ doas printenv
> > DOAS_USER=itz
> > HOME=/root
> > LOGNAME=root
> > PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> > SHELL=/bin/sh
> > TERM=alacritty
> > USER=root
> > 3+0 ~$ doas which service
> > /usr/sbin/service
> > 4+0 ~$ doas service
> > doas: service: command not found
> > 2+0 ~$ doas printenv
> > DOAS_USER=itz
> > HOME=/root
> > LOGNAME=root
> > PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> > SHELL=/bin/sh
> > TERM=alacritty
> > USER=root
> > 3+0 ~$ doas which service
> > /usr/sbin/service
> > 4+0 ~$ doas service
> > doas: service: command not found
> Mine shows this, what does your doas.conf contain?
> timothyk@nexttroll:~ % doas printenv
> DOAS_USER=timothyk
> HOME=/root
> LOGNAME=root
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> SHELL=/bin/sh
> TERM=xterm-256color
> USER=root
> timothyk@nexttroll:~ % doas which service
> /usr/sbin/service
> timothyk@nexttroll:~ % doas service
> Usage:
> service [-j <jail name or id>] -e
> service [-j <jail name or id>] [-q] -R
> service [-j <jail name or id>] [-v] -l
> service [-j <jail name or id>] [-v] -r
> service [-j <jail name or id>] [-dqv] [-E var=value] <rc.d script> start|stop|etc.
> service -h
My doas.conf is, in full:
> DOAS_USER=timothyk
> HOME=/root
> LOGNAME=root
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
> SHELL=/bin/sh
> TERM=xterm-256color
> USER=root
> timothyk@nexttroll:~ % doas which service
> /usr/sbin/service
> timothyk@nexttroll:~ % doas service
> Usage:
> service [-j <jail name or id>] -e
> service [-j <jail name or id>] [-q] -R
> service [-j <jail name or id>] [-v] -l
> service [-j <jail name or id>] [-v] -r
> service [-j <jail name or id>] [-dqv] [-E var=value] <rc.d script> start|stop|etc.
> service -h
permit nopasswd :wheel
but I don't see how that is relevant?
One difference I see is my unprivileged shell is bash and yours seems
to be tcsh. But even that, how should it matter? Once doas is in
control, everything ought to be the same or it's a bug :-P
--
Ian
TR Kellers, Sr
Feb 26, 2026, 5:44:16 PMFeb 26
to fatty.merc...@aceecat.org, ques...@freebsd.org
> On Feb 26, 2026, at 5:32 PM, fatty.merc...@aceecat.org wrote:
Just in case there is some OS version difference, this is my uname:
[timothyk@nexttroll ~]$ uname -a -K -U
FreeBSD nexttroll.com 16.0-CURRENT FreeBSD 16.0-CURRENT #0 main-102fed041d7f-dirty: Fri Feb 20 21:10:39 EST 2026 ro...@nexttroll.com:/usr/obj/usr/src/amd64.amd64/sys/FEB20 amd64 1600012 1600012
fatty.merc...@aceecat.org
Feb 27, 2026, 2:22:27 PM (13 days ago) Feb 27
to ques...@freebsd.org
I think I understand this now. The search for the command specified as
part of doas' arguments happens *before* the environment is switched.
So, because I lack the sbin directories in my normal user's PATH (on
purpose), nothing I configure about the target PATH or target
environment in general will help. :-(
My workaround is a wrapper that runs doas with an enriched ambient
PATH.
For non-interactive jobs, it's also possible to pipe the command into
a shell, i.e.
echo service | doas -S
but this breaks for interactive programs like vi.
--
Ian
part of doas' arguments happens *before* the environment is switched.
So, because I lack the sbin directories in my normal user's PATH (on
purpose), nothing I configure about the target PATH or target
environment in general will help. :-(
My workaround is a wrapper that runs doas with an enriched ambient
PATH.
For non-interactive jobs, it's also possible to pipe the command into
a shell, i.e.
echo service | doas -S
but this breaks for interactive programs like vi.
--
Ian
Reply all
Reply to author
Forward
0 new messages