X-Git-Url: https://git.armaanb.net/?a=blobdiff_plain;f=doas.1;h=2f72ca973bee31abcc22f7623efa786fc322086e;hb=e8e8713b26723d2daf3de50b51d2ac209ad65716;hp=dd98081cb0c971d56416d106e1e0a4f9a275bebb;hpb=7cebe8e7e71c5ed54b1bc2cbf3e0c48c33a4b5ac;p=opendoas.git

diff --git a/doas.1 b/doas.1
index dd98081..2f72ca9 100644
--- a/doas.1
+++ b/doas.1
@@ -21,7 +21,7 @@
 .Nd execute commands as another user
 .Sh SYNOPSIS
 .Nm doas
-.Op Fl ns
+.Op Fl Lns
 .Op Fl C Ar config
 .Op Fl u Ar user
 .Ar command
@@ -33,11 +33,37 @@ utility executes the given command as another user.
 The
 .Ar command
 argument is mandatory unless
-.Fl C
+.Fl C ,
+.Fl L ,
 or
 .Fl s
 is specified.
 .Pp
+The user will be required to authenticate by entering their password,
+unless configured otherwise.
+.Pp
+By default, a new environment is created.
+The variables
+.Ev HOME ,
+.Ev LOGNAME ,
+.Ev PATH ,
+.Ev SHELL ,
+and
+.Ev USER
+and the
+.Xr umask 2
+are set to values appropriate for the target user.
+.Ev DOAS_USER
+is set to the name of the user executing
+.Nm .
+The variables
+.Ev DISPLAY
+and
+.Ev TERM
+are inherited from the current environment.
+This behavior may be modified by the config file.
+The working directory is not changed.
+.Pp
 The options are as follows:
 .Bl -tag -width tenletters
 .It Fl C Ar config
@@ -57,11 +83,15 @@ or
 .Sq deny
 will be printed on standard output, depending on command
 matching results.
-In either case, no command is executed.
+No command is executed.
+.It Fl L
+Clear any persisted authorizations from previous invocations,
+then immediately exit.
+No command is executed.
 .It Fl n
-Non interactive mode, fail if
-.Nm
-would prompt for password.
+Non interactive mode, fail if the matching rule doesn't have the
+.Ic nopass
+option.
 .It Fl s
 Execute the shell from
 .Ev SHELL