Annotation of src/usr.bin/doas/doas.1, Revision 1.21
1.21 ! schwarze 1: .\" $OpenBSD: doas.1,v 1.20 2019/06/17 18:44:44 tedu Exp $
1.1 tedu 2: .\"
3: .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4: .\"
5: .\"Permission to use, copy, modify, and distribute this software for any
6: .\"purpose with or without fee is hereby granted, provided that the above
7: .\"copyright notice and this permission notice appear in all copies.
8: .\"
9: .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.21 ! schwarze 16: .Dd $Mdocdate: June 17 2019 $
1.1 tedu 17: .Dt DOAS 1
18: .Os
19: .Sh NAME
20: .Nm doas
21: .Nd execute commands as another user
22: .Sh SYNOPSIS
23: .Nm doas
1.17 tedu 24: .Op Fl Lns
1.15 sthen 25: .Op Fl a Ar style
1.9 tedu 26: .Op Fl C Ar config
1.1 tedu 27: .Op Fl u Ar user
1.4 schwarze 28: .Ar command
1.1 tedu 29: .Op Ar args
30: .Sh DESCRIPTION
31: The
32: .Nm
33: utility executes the given command as another user.
1.11 zhuk 34: The
35: .Ar command
36: argument is mandatory unless
1.19 tedu 37: .Fl C ,
38: .Fl L ,
1.11 zhuk 39: or
40: .Fl s
41: is specified.
1.20 tedu 42: .Pp
43: By default, the environment is reset.
44: The variables
45: .Ev HOME ,
46: .Ev LOGNAME ,
47: .Ev PATH ,
48: .Ev SHELL ,
49: and
50: .Ev USER
1.21 ! schwarze 51: and the
! 52: .Xr umask 2
1.20 tedu 53: are set to values appropriate for the target user.
54: The variables
55: .Ev DISPLAY
56: and
57: .Ev TERM
58: are inherited from the current environment.
59: This behavior may be modified by the config file.
60: The working directory is not changed.
1.1 tedu 61: .Pp
62: The options are as follows:
63: .Bl -tag -width tenletters
1.15 sthen 64: .It Fl a Ar style
1.16 tedu 65: Use the specified authentication style when validating the user,
1.15 sthen 66: as allowed by
67: .Pa /etc/login.conf .
1.16 tedu 68: A list of doas-specific authentication methods may be configured by adding an
1.15 sthen 69: .Sq auth-doas
70: entry in
1.16 tedu 71: .Xr login.conf 5 .
1.9 tedu 72: .It Fl C Ar config
73: Parse and check the configuration file
74: .Ar config ,
75: then exit.
1.11 zhuk 76: If
77: .Ar command
78: is supplied,
79: .Nm
80: will also perform command matching.
81: In the latter case
82: either
83: .Sq permit ,
84: .Sq permit nopass
85: or
86: .Sq deny
87: will be printed on standard output, depending on command
88: matching results.
1.16 tedu 89: No command is executed.
1.17 tedu 90: .It Fl L
1.18 tedu 91: Clear any persisted authorizations from previous invocations,
92: then immediately exit.
93: No command is executed.
1.12 espie 94: .It Fl n
95: Non interactive mode, fail if
96: .Nm
97: would prompt for password.
1.5 nicm 98: .It Fl s
99: Execute the shell from
100: .Ev SHELL
101: or
102: .Pa /etc/passwd .
1.1 tedu 103: .It Fl u Ar user
104: Execute the command as
105: .Ar user .
106: The default is root.
107: .El
108: .Sh EXIT STATUS
109: .Ex -std doas
1.3 tedu 110: It may fail for one of the following reasons:
1.1 tedu 111: .Pp
112: .Bl -bullet -compact
113: .It
1.7 jmc 114: The config file
1.6 espie 115: .Pa /etc/doas.conf
116: could not be parsed.
1.1 tedu 117: .It
1.2 tedu 118: The user attempted to run a command which is not permitted.
1.1 tedu 119: .It
1.2 tedu 120: The password was incorrect.
1.8 zhuk 121: .It
1.13 tedu 122: The specified command was not found or is not executable.
1.1 tedu 123: .El
1.2 tedu 124: .Sh SEE ALSO
1.14 jmc 125: .Xr su 1 ,
1.2 tedu 126: .Xr doas.conf 5
1.1 tedu 127: .Sh HISTORY
128: The
129: .Nm
130: command first appeared in
131: .Ox 5.8 .
132: .Sh AUTHORS
133: .An Ted Unangst Aq Mt tedu@openbsd.org