Annotation of src/usr.bin/doas/doas.1, Revision 1.19
1.19 ! tedu 1: .\" $OpenBSD: doas.1,v 1.18 2016/09/02 20:38:05 tedu Exp $
1.1 tedu 2: .\"
3: .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4: .\"
5: .\"Permission to use, copy, modify, and distribute this software for any
6: .\"purpose with or without fee is hereby granted, provided that the above
7: .\"copyright notice and this permission notice appear in all copies.
8: .\"
9: .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.18 tedu 16: .Dd $Mdocdate: September 2 2016 $
1.1 tedu 17: .Dt DOAS 1
18: .Os
19: .Sh NAME
20: .Nm doas
21: .Nd execute commands as another user
22: .Sh SYNOPSIS
23: .Nm doas
1.17 tedu 24: .Op Fl Lns
1.15 sthen 25: .Op Fl a Ar style
1.9 tedu 26: .Op Fl C Ar config
1.1 tedu 27: .Op Fl u Ar user
1.4 schwarze 28: .Ar command
1.1 tedu 29: .Op Ar args
30: .Sh DESCRIPTION
31: The
32: .Nm
33: utility executes the given command as another user.
1.11 zhuk 34: The
35: .Ar command
36: argument is mandatory unless
1.19 ! tedu 37: .Fl C ,
! 38: .Fl L ,
1.11 zhuk 39: or
40: .Fl s
41: is specified.
1.1 tedu 42: .Pp
43: The options are as follows:
44: .Bl -tag -width tenletters
1.15 sthen 45: .It Fl a Ar style
1.16 tedu 46: Use the specified authentication style when validating the user,
1.15 sthen 47: as allowed by
48: .Pa /etc/login.conf .
1.16 tedu 49: A list of doas-specific authentication methods may be configured by adding an
1.15 sthen 50: .Sq auth-doas
51: entry in
1.16 tedu 52: .Xr login.conf 5 .
1.9 tedu 53: .It Fl C Ar config
54: Parse and check the configuration file
55: .Ar config ,
56: then exit.
1.11 zhuk 57: If
58: .Ar command
59: is supplied,
60: .Nm
61: will also perform command matching.
62: In the latter case
63: either
64: .Sq permit ,
65: .Sq permit nopass
66: or
67: .Sq deny
68: will be printed on standard output, depending on command
69: matching results.
1.16 tedu 70: No command is executed.
1.17 tedu 71: .It Fl L
1.18 tedu 72: Clear any persisted authorizations from previous invocations,
73: then immediately exit.
74: No command is executed.
1.12 espie 75: .It Fl n
76: Non interactive mode, fail if
77: .Nm
78: would prompt for password.
1.5 nicm 79: .It Fl s
80: Execute the shell from
81: .Ev SHELL
82: or
83: .Pa /etc/passwd .
1.1 tedu 84: .It Fl u Ar user
85: Execute the command as
86: .Ar user .
87: The default is root.
88: .El
89: .Sh EXIT STATUS
90: .Ex -std doas
1.3 tedu 91: It may fail for one of the following reasons:
1.1 tedu 92: .Pp
93: .Bl -bullet -compact
94: .It
1.7 jmc 95: The config file
1.6 espie 96: .Pa /etc/doas.conf
97: could not be parsed.
1.1 tedu 98: .It
1.2 tedu 99: The user attempted to run a command which is not permitted.
1.1 tedu 100: .It
1.2 tedu 101: The password was incorrect.
1.8 zhuk 102: .It
1.13 tedu 103: The specified command was not found or is not executable.
1.1 tedu 104: .El
1.2 tedu 105: .Sh SEE ALSO
1.14 jmc 106: .Xr su 1 ,
1.2 tedu 107: .Xr doas.conf 5
1.1 tedu 108: .Sh HISTORY
109: The
110: .Nm
111: command first appeared in
112: .Ox 5.8 .
113: .Sh AUTHORS
114: .An Ted Unangst Aq Mt tedu@openbsd.org