I use doas instead of sudo. And I use a symbolic link to bind sudo to doas to try to subside any issues with programs trying to use sudo. I tried to make and mount a veracrypt volume but got this:
Failed to obtain administrator privileges: sudo: invalid option – ‘S’
usage: doas [-Lns] [-C config] [-u user] command [args]
Is there some way to get around this? How could I force veracrypt to use doas?
So is this an official veracrypt setup script that you are running, which is giving the password to sudo via the -S flag?
Can you see why it is doing this?
My guess is that OpenBSD developers, when making doas, decided that the -S method of authentication was too insecure and refused to implement it; I have no source that this is actually the case, however.
I tried this and Veracrypt gave the same error but for -p
-p prompt, --prompt =prompt
Use a custom password prompt with optional escape sequences. The following percent (‘ % ’) escape sequences are supported by the sudoers policy
So I don’t think this is going to be easily solved with just a wrapper for doas. I have attempted to go to the source forge for Veracrypt and made a feature request for opendoas support but I haven’t gotten a response on the post as of yet. Should I make a submission on the github too?
The thing is I knew yay was putting the flags in order, so I echoed the stuff that the program (in your case veracrypt) is calling with sudo, then I observe the flags and modify the output.
And you have modified the script, I’ve been shifting diferent flag than “-p” ?
There is also a posibility veracrypt is not calling “sudo” but “/usr/bin/sudo” so it’s not even looking in your $PATH for “sudo”
I know this, but I still got sudo working in the way you are suggesting. I made the wrapper you mentioned and copied it to /usr/bin/sudo and echoed out -S, but then it said -p is also being used. I could just echo that out too. But I can’t imagine Veracrypt is going to be too happy with all of those custom reponses and stuff just missing from what it was expecting. I asked for a feature request but haven’t gotten a response yet so I’m just kind of waiting. I might even try to make the change myself if need be.
I might still attempt to use the wrapper for all of the options veracrypt uses though just to be sure.
Thank you
You are right. After removing all of the sudo flags in the wrapper. It doesn’t appear to work. Authentication appears to fail everytime, despite putting in the right password. This could come down to the method that Veracrypt is trying to use to authenicate with what it thinks is sudo. By just depositing directly into stdin. Which is what the -S flag was for. So somehow something else is getting in? Or this method is just straight up failing with doas? I’m unsure.
But direct modification of Veracrypt may be required.
I am just going to use sudo for this specific time considering I don’t plan on accessing the documents in recent time. But this is definitely going to keep me from using Veracrypt as often as I would like to.