| version 1.2, 2015/07/16 21:24:07 |
version 1.3, 2015/07/17 20:50:31 |
|
|
| configuration file. |
configuration file. |
| .Pp |
.Pp |
| The rules have the following format: |
The rules have the following format: |
| .Bd -literal -offset indent |
.Bd -ragged -offset indent |
| permit|deny [options] [identity] [as target] [cmd command] |
.Ic permit Ns | Ns Ic deny |
| |
.Op Ar options |
| |
.Op Ar identity |
| |
.Op Ic as Ar target |
| |
.Op Ic cmd Ar command |
| .Ed |
.Ed |
| .Pp |
.Pp |
| Rules consist of the following parts: |
Rules consist of the following parts: |
| .Bl -tag -width tenletters |
.Bl -tag -width 11n |
| .It permit|deny |
.It Ic permit Ns | Ns Ic deny |
| The action to be taken if this rule matches. |
The action to be taken if this rule matches. |
| .It options |
.It Ar options |
| Options are: |
Options are: |
| .Bl -tag -width tenletters |
.Bl -tag -width keepenv |
| .It nopass |
.It Ic nopass |
| The user is not required to enter a password. |
The user is not required to enter a password. |
| .It keepenv |
.It Ic keepenv |
| The user's environment is maintained. |
The user's environment is maintained. |
| The default is to reset the environment. |
The default is to reset the environment. |
| .It keepenv { [variable names] } |
.It Ic keepenv { Oo variable names Oc Ic } |
| Reset the environment, but keep the specified variables. |
Reset the environment, but keep the specified variables. |
| .El |
.El |
| .It identity |
.It Ar identity |
| The username to match. |
The username to match. |
| Groups may be specified by prepending a colon (:). |
Groups may be specified by prepending a colon (:). |
| Numeric IDs are also accepted. |
Numeric IDs are also accepted. |
| .It as target |
.It Ic as Ar target |
| The target user the running user is allowed to run the command as. |
The target user the running user is allowed to run the command as. |
| The default is root. |
The default is root. |
| .It cmd command |
.It Ic cmd Ar command |
| The command the user is allowed or denied to run. |
The command the user is allowed or denied to run. |
| The default is all commands. |
The default is all commands. |
| Be advised that it's best to specify absolute paths. |
Be advised that it's best to specify absolute paths. |
|
|
| permit :wheel |
permit :wheel |
| permit nopass tedu cmd /usr/sbin/procmap |
permit nopass tedu cmd /usr/sbin/procmap |
| .Ed |
.Ed |
| |
.Sh SEE ALSO |
| |
.Xr doas 1 |
| |
.Sh HISTORY |
| |
The |
| |
.Nm |
| |
configuration file first appeared in |
| |
.Ox 5.8 . |
| |
.Sh AUTHORS |
| |
.An Ted Unangst Aq Mt tedu@openbsd.org |
![[BACK]](/icons/back.gif){kind=icon}
Return to doas.conf.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / doas