=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/doas/doas.conf.5,v retrieving revision 1.2 retrieving revision 1.3 diff -c -r1.2 -r1.3 *** src/usr.bin/doas/doas.conf.5 2015/07/16 21:24:07 1.2 --- src/usr.bin/doas/doas.conf.5 2015/07/17 20:50:31 1.3 *************** *** 1,4 **** ! .\" $OpenBSD: doas.conf.5,v 1.2 2015/07/16 21:24:07 nicm Exp $ .\" .\"Copyright (c) 2015 Ted Unangst .\" --- 1,4 ---- ! .\" $OpenBSD: doas.conf.5,v 1.3 2015/07/17 20:50:31 schwarze Exp $ .\" .\"Copyright (c) 2015 Ted Unangst .\" *************** *** 13,19 **** .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ! .Dd $Mdocdate: July 16 2015 $ .Dt DOAS.CONF 5 .Os .Sh NAME --- 13,19 ---- .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ! .Dd $Mdocdate: July 17 2015 $ .Dt DOAS.CONF 5 .Os .Sh NAME *************** *** 28,60 **** configuration file. .Pp The rules have the following format: ! .Bd -literal -offset indent ! permit|deny [options] [identity] [as target] [cmd command] .Ed .Pp Rules consist of the following parts: ! .Bl -tag -width tenletters ! .It permit|deny The action to be taken if this rule matches. ! .It options Options are: ! .Bl -tag -width tenletters ! .It nopass The user is not required to enter a password. ! .It keepenv The user's environment is maintained. The default is to reset the environment. ! .It keepenv { [variable names] } Reset the environment, but keep the specified variables. .El ! .It identity The username to match. Groups may be specified by prepending a colon (:). Numeric IDs are also accepted. ! .It as target The target user the running user is allowed to run the command as. The default is root. ! .It cmd command The command the user is allowed or denied to run. The default is all commands. Be advised that it's best to specify absolute paths. --- 28,64 ---- configuration file. .Pp The rules have the following format: ! .Bd -ragged -offset indent ! .Ic permit Ns | Ns Ic deny ! .Op Ar options ! .Op Ar identity ! .Op Ic as Ar target ! .Op Ic cmd Ar command .Ed .Pp Rules consist of the following parts: ! .Bl -tag -width 11n ! .It Ic permit Ns | Ns Ic deny The action to be taken if this rule matches. ! .It Ar options Options are: ! .Bl -tag -width keepenv ! .It Ic nopass The user is not required to enter a password. ! .It Ic keepenv The user's environment is maintained. The default is to reset the environment. ! .It Ic keepenv { Oo variable names Oc Ic } Reset the environment, but keep the specified variables. .El ! .It Ar identity The username to match. Groups may be specified by prepending a colon (:). Numeric IDs are also accepted. ! .It Ic as Ar target The target user the running user is allowed to run the command as. The default is root. ! .It Ic cmd Ar command The command the user is allowed or denied to run. The default is all commands. Be advised that it's best to specify absolute paths. *************** *** 68,70 **** --- 72,83 ---- permit :wheel permit nopass tedu cmd /usr/sbin/procmap .Ed + .Sh SEE ALSO + .Xr doas 1 + .Sh HISTORY + The + .Nm + configuration file first appeared in + .Ox 5.8 . + .Sh AUTHORS + .An Ted Unangst Aq Mt tedu@openbsd.org