diff options
Diffstat (limited to 'usr.bin/doas/doas.1')
-rw-r--r-- | usr.bin/doas/doas.1 | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1 new file mode 100644 index 0000000..c7196e3 --- /dev/null +++ b/usr.bin/doas/doas.1 @@ -0,0 +1,130 @@ +.\" $OpenBSD: doas.1,v 1.23 2019/07/04 19:04:17 tedu Exp $ +.\" +.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> +.\" +.\"Permission to use, copy, modify, and distribute this software for any +.\"purpose with or without fee is hereby granted, provided that the above +.\"copyright notice and this permission notice appear in all copies. +.\" +.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.Dd $Mdocdate: July 4 2019 $ +.Dt DOAS 1 +.Os +.Sh NAME +.Nm doas +.Nd execute commands as another user +.Sh SYNOPSIS +.Nm doas +.Op Fl Lns +.Op Fl C Ar config +.Op Fl u Ar user +.Ar command +.Op Ar args +.Sh DESCRIPTION +The +.Nm +utility executes the given command as another user. +The +.Ar command +argument is mandatory unless +.Fl C , +.Fl L , +or +.Fl s +is specified. +.Pp +The user will be required to authenticate by entering their password, +unless configured otherwise. +.Pp +By default, a new environment is created. +The variables +.Ev HOME , +.Ev LOGNAME , +.Ev PATH , +.Ev SHELL , +and +.Ev USER +and the +.Xr umask 2 +are set to values appropriate for the target user. +.Ev DOAS_USER +is set to the name of the user executing +.Nm . +The variables +.Ev DISPLAY +and +.Ev TERM +are inherited from the current environment. +This behavior may be modified by the config file. +The working directory is not changed. +.Pp +The options are as follows: +.Bl -tag -width tenletters +.It Fl C Ar config +Parse and check the configuration file +.Ar config , +then exit. +If +.Ar command +is supplied, +.Nm +will also perform command matching. +In the latter case +either +.Sq permit , +.Sq permit nopass +or +.Sq deny +will be printed on standard output, depending on command +matching results. +No command is executed. +.It Fl L +Clear any persisted authorizations from previous invocations, +then immediately exit. +No command is executed. +.It Fl n +Non interactive mode, fail if +.Nm +would prompt for password. +.It Fl s +Execute the shell from +.Ev SHELL +or +.Pa /etc/passwd . +.It Fl u Ar user +Execute the command as +.Ar user . +The default is root. +.El +.Sh EXIT STATUS +.Ex -std doas +It may fail for one of the following reasons: +.Pp +.Bl -bullet -compact +.It +The config file +.Pa /etc/doas.conf +could not be parsed. +.It +The user attempted to run a command which is not permitted. +.It +The password was incorrect. +.It +The specified command was not found or is not executable. +.El +.Sh SEE ALSO +.Xr su 1 , +.Xr doas.conf 5 +.Sh HISTORY +The +.Nm +command first appeared in +.Ox 5.8 . +.Sh AUTHORS +.An Ted Unangst Aq Mt tedu@openbsd.org |