@ofborg test doas

Does this cause doas to propagate the env by default, or just allow for it? Does that follow sudo's behavior in nixos?

I believe this propagates the env by default, which is consistent with sudo's default behavior on NixOS. This can be overridden by supplying any rule that either doesn't specify keepEnv, or explicitly sets it to false (the default).

Without keepenv for doas, and with SETENV: ALL for sudo:

[vin@scadrial:~]$ doas nixos-rebuild dry-build
building the system configuration...
error: file 'nixpkgs/nixos' was not found in the Nix search path (add it using $NIX_PATH or -I)
# failure :(

[vin@scadrial:~]$ sudo nixos-rebuild dry-build
building the system configuration...
# success!

With keepenv for doas:

[vin@scadrial:~]$ doas nixos-rebuild dry-build
building the system configuration...
# success!

I'm confused.

[cole@xeep:~]$ echo $TEST
foo

[cole@xeep:~]$ sudo bash

[root@xeep:/home/cole]# echo $TEST

Is SETENV: ALL the default for NixOS?

Is SETENV: ALL the default for NixOS?

Yes it is.

Okay, so be it. My understanding, still, is that sudo -E or adding env_keep directives to /etc/sudoers was necessary to propagate any environment variables through sudo.

That seems in contrast to what this PR will do, which will cause doas to propagate the environment by default.

However, maybe this is a non-issue. Is it typical for doas to keepEnv by default on other distros? Is it more important that we follow expectations for doas? Otherwise, I am naively assuming there is a reason that sudo acts this way by default and we might want to consider that.

SETENV: ALL is what allows a user to sudo -E (and thereby preserve their environment). Without that, sudo turns them away at the gate.

doas has no way to let a user say "I'm allowed to keep my environment, please let me do so" like sudo -E does -- it's either you get to keep your environment during invocation, or you don't.

I personally think this is fine, but open to hearing reasons why this might be a bad idea. After all, I could just add keepEnv to my local rules (like I currently do).

I'd prefer to not introduce this change; it makes the default behaviour of doas and sudo inconsistent, and environment variables implicitly leaking can lead to a lot of problems. I do wish doas let you permit keeping environment variables without forcing you to, though.

In particular it can lead to a program running as root deciding it should definitely try to create a bunch of files in your user's home directory and generally inheriting resources it ought not to.

Those are the kind of reasons I was looking for (or maybe not looking for, depending on how you look at it). I agree with @emilazy, and will instead just keep the change (keepEnv = true;) in my system configuration.

Thanks all for the input.