Annotation of src/usr.bin/doas/doas.1, Revision 1.17
1.17 ! tedu 1: .\" $OpenBSD: doas.1,v 1.16 2016/06/11 04:38:21 tedu Exp $
1.1 tedu 2: .\"
3: .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4: .\"
5: .\"Permission to use, copy, modify, and distribute this software for any
6: .\"purpose with or without fee is hereby granted, provided that the above
7: .\"copyright notice and this permission notice appear in all copies.
8: .\"
9: .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.17 ! tedu 16: .Dd $Mdocdate: June 11 2016 $
1.1 tedu 17: .Dt DOAS 1
18: .Os
19: .Sh NAME
20: .Nm doas
21: .Nd execute commands as another user
22: .Sh SYNOPSIS
23: .Nm doas
1.17 ! tedu 24: .Op Fl Lns
1.15 sthen 25: .Op Fl a Ar style
1.9 tedu 26: .Op Fl C Ar config
1.1 tedu 27: .Op Fl u Ar user
1.4 schwarze 28: .Ar command
1.1 tedu 29: .Op Ar args
30: .Sh DESCRIPTION
31: The
32: .Nm
33: utility executes the given command as another user.
1.11 zhuk 34: The
35: .Ar command
36: argument is mandatory unless
37: .Fl C
38: or
39: .Fl s
40: is specified.
1.1 tedu 41: .Pp
42: The options are as follows:
43: .Bl -tag -width tenletters
1.15 sthen 44: .It Fl a Ar style
1.16 tedu 45: Use the specified authentication style when validating the user,
1.15 sthen 46: as allowed by
47: .Pa /etc/login.conf .
1.16 tedu 48: A list of doas-specific authentication methods may be configured by adding an
1.15 sthen 49: .Sq auth-doas
50: entry in
1.16 tedu 51: .Xr login.conf 5 .
1.9 tedu 52: .It Fl C Ar config
53: Parse and check the configuration file
54: .Ar config ,
55: then exit.
1.11 zhuk 56: If
57: .Ar command
58: is supplied,
59: .Nm
60: will also perform command matching.
61: In the latter case
62: either
63: .Sq permit ,
64: .Sq permit nopass
65: or
66: .Sq deny
67: will be printed on standard output, depending on command
68: matching results.
1.16 tedu 69: No command is executed.
1.17 ! tedu 70: .It Fl L
! 71: Clear any persisted authorizations from previous invocations.
1.12 espie 72: .It Fl n
73: Non interactive mode, fail if
74: .Nm
75: would prompt for password.
1.5 nicm 76: .It Fl s
77: Execute the shell from
78: .Ev SHELL
79: or
80: .Pa /etc/passwd .
1.1 tedu 81: .It Fl u Ar user
82: Execute the command as
83: .Ar user .
84: The default is root.
85: .El
86: .Sh EXIT STATUS
87: .Ex -std doas
1.3 tedu 88: It may fail for one of the following reasons:
1.1 tedu 89: .Pp
90: .Bl -bullet -compact
91: .It
1.7 jmc 92: The config file
1.6 espie 93: .Pa /etc/doas.conf
94: could not be parsed.
1.1 tedu 95: .It
1.2 tedu 96: The user attempted to run a command which is not permitted.
1.1 tedu 97: .It
1.2 tedu 98: The password was incorrect.
1.8 zhuk 99: .It
1.13 tedu 100: The specified command was not found or is not executable.
1.1 tedu 101: .El
1.2 tedu 102: .Sh SEE ALSO
1.14 jmc 103: .Xr su 1 ,
1.2 tedu 104: .Xr doas.conf 5
1.1 tedu 105: .Sh HISTORY
106: The
107: .Nm
108: command first appeared in
109: .Ox 5.8 .
110: .Sh AUTHORS
111: .An Ted Unangst Aq Mt tedu@openbsd.org