Annotation of src/usr.bin/doas/doas.1, Revision 1.26
1.26 ! kn 1: .\" $OpenBSD: doas.1,v 1.25 2021/01/16 09:18:41 martijn Exp $
1.1 tedu 2: .\"
3: .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4: .\"
5: .\"Permission to use, copy, modify, and distribute this software for any
6: .\"purpose with or without fee is hereby granted, provided that the above
7: .\"copyright notice and this permission notice appear in all copies.
8: .\"
9: .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
1.26 ! kn 16: .Dd $Mdocdate: January 16 2021 $
1.1 tedu 17: .Dt DOAS 1
18: .Os
19: .Sh NAME
20: .Nm doas
21: .Nd execute commands as another user
22: .Sh SYNOPSIS
23: .Nm doas
1.17 tedu 24: .Op Fl Lns
1.15 sthen 25: .Op Fl a Ar style
1.9 tedu 26: .Op Fl C Ar config
1.1 tedu 27: .Op Fl u Ar user
1.4 schwarze 28: .Ar command
1.26 ! kn 29: .Op Ar arg ...
1.1 tedu 30: .Sh DESCRIPTION
31: The
32: .Nm
33: utility executes the given command as another user.
1.11 zhuk 34: The
35: .Ar command
36: argument is mandatory unless
1.19 tedu 37: .Fl C ,
38: .Fl L ,
1.11 zhuk 39: or
40: .Fl s
41: is specified.
1.23 tedu 42: .Pp
43: The user will be required to authenticate by entering their password,
44: unless configured otherwise.
1.20 tedu 45: .Pp
1.22 tedu 46: By default, a new environment is created.
1.20 tedu 47: The variables
48: .Ev HOME ,
49: .Ev LOGNAME ,
50: .Ev PATH ,
51: .Ev SHELL ,
52: and
53: .Ev USER
1.21 schwarze 54: and the
55: .Xr umask 2
1.20 tedu 56: are set to values appropriate for the target user.
1.22 tedu 57: .Ev DOAS_USER
58: is set to the name of the user executing
59: .Nm .
1.20 tedu 60: The variables
61: .Ev DISPLAY
62: and
63: .Ev TERM
64: are inherited from the current environment.
65: This behavior may be modified by the config file.
66: The working directory is not changed.
1.1 tedu 67: .Pp
68: The options are as follows:
69: .Bl -tag -width tenletters
1.15 sthen 70: .It Fl a Ar style
1.16 tedu 71: Use the specified authentication style when validating the user,
1.15 sthen 72: as allowed by
73: .Pa /etc/login.conf .
1.16 tedu 74: A list of doas-specific authentication methods may be configured by adding an
1.15 sthen 75: .Sq auth-doas
76: entry in
1.16 tedu 77: .Xr login.conf 5 .
1.9 tedu 78: .It Fl C Ar config
79: Parse and check the configuration file
80: .Ar config ,
81: then exit.
1.11 zhuk 82: If
83: .Ar command
84: is supplied,
85: .Nm
86: will also perform command matching.
87: In the latter case
88: either
89: .Sq permit ,
90: .Sq permit nopass
91: or
92: .Sq deny
93: will be printed on standard output, depending on command
94: matching results.
1.16 tedu 95: No command is executed.
1.17 tedu 96: .It Fl L
1.25 martijn 97: Clear any persisted authentications from previous invocations,
1.18 tedu 98: then immediately exit.
99: No command is executed.
1.12 espie 100: .It Fl n
1.24 martijn 101: Non interactive mode, fail if the matching rule doesn't have the
102: .Ic nopass
103: option.
1.5 nicm 104: .It Fl s
105: Execute the shell from
106: .Ev SHELL
107: or
108: .Pa /etc/passwd .
1.1 tedu 109: .It Fl u Ar user
110: Execute the command as
111: .Ar user .
112: The default is root.
113: .El
114: .Sh EXIT STATUS
115: .Ex -std doas
1.3 tedu 116: It may fail for one of the following reasons:
1.1 tedu 117: .Pp
118: .Bl -bullet -compact
119: .It
1.7 jmc 120: The config file
1.6 espie 121: .Pa /etc/doas.conf
122: could not be parsed.
1.1 tedu 123: .It
1.2 tedu 124: The user attempted to run a command which is not permitted.
1.1 tedu 125: .It
1.2 tedu 126: The password was incorrect.
1.8 zhuk 127: .It
1.13 tedu 128: The specified command was not found or is not executable.
1.1 tedu 129: .El
1.2 tedu 130: .Sh SEE ALSO
1.14 jmc 131: .Xr su 1 ,
1.2 tedu 132: .Xr doas.conf 5
1.1 tedu 133: .Sh HISTORY
134: The
135: .Nm
136: command first appeared in
137: .Ox 5.8 .
138: .Sh AUTHORS
139: .An Ted Unangst Aq Mt tedu@openbsd.org