Annotation of src/usr.bin/doas/doas.1, Revision 1.18
1.18 ! tedu 1: .\" $OpenBSD: doas.1,v 1.17 2016/09/02 18:12:30 tedu Exp $
1.1 tedu 2: .\"
3: .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4: .\"
5: .\"Permission to use, copy, modify, and distribute this software for any
6: .\"purpose with or without fee is hereby granted, provided that the above
7: .\"copyright notice and this permission notice appear in all copies.
8: .\"
9: .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.18 ! tedu 16: .Dd $Mdocdate: September 2 2016 $
1.1 tedu 17: .Dt DOAS 1
18: .Os
19: .Sh NAME
20: .Nm doas
21: .Nd execute commands as another user
22: .Sh SYNOPSIS
23: .Nm doas
1.17 tedu 24: .Op Fl Lns
1.15 sthen 25: .Op Fl a Ar style
1.9 tedu 26: .Op Fl C Ar config
1.1 tedu 27: .Op Fl u Ar user
1.4 schwarze 28: .Ar command
1.1 tedu 29: .Op Ar args
30: .Sh DESCRIPTION
31: The
32: .Nm
33: utility executes the given command as another user.
1.11 zhuk 34: The
35: .Ar command
36: argument is mandatory unless
37: .Fl C
38: or
39: .Fl s
40: is specified.
1.1 tedu 41: .Pp
42: The options are as follows:
43: .Bl -tag -width tenletters
1.15 sthen 44: .It Fl a Ar style
1.16 tedu 45: Use the specified authentication style when validating the user,
1.15 sthen 46: as allowed by
47: .Pa /etc/login.conf .
1.16 tedu 48: A list of doas-specific authentication methods may be configured by adding an
1.15 sthen 49: .Sq auth-doas
50: entry in
1.16 tedu 51: .Xr login.conf 5 .
1.9 tedu 52: .It Fl C Ar config
53: Parse and check the configuration file
54: .Ar config ,
55: then exit.
1.11 zhuk 56: If
57: .Ar command
58: is supplied,
59: .Nm
60: will also perform command matching.
61: In the latter case
62: either
63: .Sq permit ,
64: .Sq permit nopass
65: or
66: .Sq deny
67: will be printed on standard output, depending on command
68: matching results.
1.16 tedu 69: No command is executed.
1.17 tedu 70: .It Fl L
1.18 ! tedu 71: Clear any persisted authorizations from previous invocations,
! 72: then immediately exit.
! 73: No command is executed.
1.12 espie 74: .It Fl n
75: Non interactive mode, fail if
76: .Nm
77: would prompt for password.
1.5 nicm 78: .It Fl s
79: Execute the shell from
80: .Ev SHELL
81: or
82: .Pa /etc/passwd .
1.1 tedu 83: .It Fl u Ar user
84: Execute the command as
85: .Ar user .
86: The default is root.
87: .El
88: .Sh EXIT STATUS
89: .Ex -std doas
1.3 tedu 90: It may fail for one of the following reasons:
1.1 tedu 91: .Pp
92: .Bl -bullet -compact
93: .It
1.7 jmc 94: The config file
1.6 espie 95: .Pa /etc/doas.conf
96: could not be parsed.
1.1 tedu 97: .It
1.2 tedu 98: The user attempted to run a command which is not permitted.
1.1 tedu 99: .It
1.2 tedu 100: The password was incorrect.
1.8 zhuk 101: .It
1.13 tedu 102: The specified command was not found or is not executable.
1.1 tedu 103: .El
1.2 tedu 104: .Sh SEE ALSO
1.14 jmc 105: .Xr su 1 ,
1.2 tedu 106: .Xr doas.conf 5
1.1 tedu 107: .Sh HISTORY
108: The
109: .Nm
110: command first appeared in
111: .Ox 5.8 .
112: .Sh AUTHORS
113: .An Ted Unangst Aq Mt tedu@openbsd.org