Annotation of src/usr.bin/doas/doas.1, Revision 1.16
1.16 ! tedu 1: .\" $OpenBSD: doas.1,v 1.15 2015/12/08 13:39:40 sthen Exp $
1.1 tedu 2: .\"
3: .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4: .\"
5: .\"Permission to use, copy, modify, and distribute this software for any
6: .\"purpose with or without fee is hereby granted, provided that the above
7: .\"copyright notice and this permission notice appear in all copies.
8: .\"
9: .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.16 ! tedu 16: .Dd $Mdocdate: December 8 2015 $
1.1 tedu 17: .Dt DOAS 1
18: .Os
19: .Sh NAME
20: .Nm doas
21: .Nd execute commands as another user
22: .Sh SYNOPSIS
23: .Nm doas
1.12 espie 24: .Op Fl ns
1.15 sthen 25: .Op Fl a Ar style
1.9 tedu 26: .Op Fl C Ar config
1.1 tedu 27: .Op Fl u Ar user
1.4 schwarze 28: .Ar command
1.1 tedu 29: .Op Ar args
30: .Sh DESCRIPTION
31: The
32: .Nm
33: utility executes the given command as another user.
1.11 zhuk 34: The
35: .Ar command
36: argument is mandatory unless
37: .Fl C
38: or
39: .Fl s
40: is specified.
1.1 tedu 41: .Pp
42: The options are as follows:
43: .Bl -tag -width tenletters
1.15 sthen 44: .It Fl a Ar style
1.16 ! tedu 45: Use the specified authentication style when validating the user,
1.15 sthen 46: as allowed by
47: .Pa /etc/login.conf .
1.16 ! tedu 48: A list of doas-specific authentication methods may be configured by adding an
1.15 sthen 49: .Sq auth-doas
50: entry in
1.16 ! tedu 51: .Xr login.conf 5 .
1.9 tedu 52: .It Fl C Ar config
53: Parse and check the configuration file
54: .Ar config ,
55: then exit.
1.11 zhuk 56: If
57: .Ar command
58: is supplied,
59: .Nm
60: will also perform command matching.
61: In the latter case
62: either
63: .Sq permit ,
64: .Sq permit nopass
65: or
66: .Sq deny
67: will be printed on standard output, depending on command
68: matching results.
1.16 ! tedu 69: No command is executed.
1.12 espie 70: .It Fl n
71: Non interactive mode, fail if
72: .Nm
73: would prompt for password.
1.5 nicm 74: .It Fl s
75: Execute the shell from
76: .Ev SHELL
77: or
78: .Pa /etc/passwd .
1.1 tedu 79: .It Fl u Ar user
80: Execute the command as
81: .Ar user .
82: The default is root.
83: .El
84: .Sh EXIT STATUS
85: .Ex -std doas
1.3 tedu 86: It may fail for one of the following reasons:
1.1 tedu 87: .Pp
88: .Bl -bullet -compact
89: .It
1.7 jmc 90: The config file
1.6 espie 91: .Pa /etc/doas.conf
92: could not be parsed.
1.1 tedu 93: .It
1.2 tedu 94: The user attempted to run a command which is not permitted.
1.1 tedu 95: .It
1.2 tedu 96: The password was incorrect.
1.8 zhuk 97: .It
1.13 tedu 98: The specified command was not found or is not executable.
1.1 tedu 99: .El
1.2 tedu 100: .Sh SEE ALSO
1.14 jmc 101: .Xr su 1 ,
1.2 tedu 102: .Xr doas.conf 5
1.1 tedu 103: .Sh HISTORY
104: The
105: .Nm
106: command first appeared in
107: .Ox 5.8 .
108: .Sh AUTHORS
109: .An Ted Unangst Aq Mt tedu@openbsd.org