X-Git-Url: https://git.armaanb.net/?a=blobdiff_plain;f=doas.conf.5;h=461ef3f662295e69fbe649e8fc4de5225fd733f3;hb=b82ffa68a6436ce3f4c4b480bc9c12ac284b0d99;hp=d4fb35506a38d38d50059fd1715ddb7ab96bc70e;hpb=025db698803cbd722444ba2745ead9a5c51efcb4;p=opendoas.git

diff --git a/doas.conf.5 b/doas.conf.5
index d4fb355..461ef3f 100644
--- a/doas.conf.5
+++ b/doas.conf.5
@@ -45,26 +45,18 @@ Options are:
 .Bl -tag -width keepenv
 .It Ic nopass
 The user is not required to enter a password.
+.It Ic nolog
+Do not log successful command execution to
+.Xr syslogd 8 .
 .It Ic persist
 After the user successfully authenticates, do not ask for a password
 again for some time.
 .It Ic keepenv
-The user's environment is maintained.
-The default is to retain the variables
-.Ev DISPLAY
-and
-.Ev TERM
-from the invoking process, reset
-.Ev HOME ,
-.Ev LOGNAME ,
-.Ev PATH ,
-.Ev SHELL ,
-and
-.Ev USER
-as appropriate for the target user, and discard the rest of the environment.
+Environment variables other than those listed in
+.Xr doas 1
+are retained when creating the environment for the new process.
 .It Ic setenv { Oo Ar variable ... Oc Oo Ar variable=value ... Oc Ic }
-In addition to the variables mentioned above, keep the space-separated
-specified variables.
+Keep or set the space-separated specified variables.
 Variables may also be removed with a leading
 .Sq -
 or set using the latter syntax.
@@ -74,6 +66,7 @@ is a
 .Ql $
 then the value to be set is taken from the existing environment
 variable of the indicated name.
+This option is processed after the default environment has been created.
 .El
 .It Ar identity
 The username to match.
@@ -121,9 +114,12 @@ If quotes or backslashes are used in a word,
 it isn't considered a keyword.
 .El
 .Sh FILES
-.Bl -tag -width "/etc/doas.conf"
+.Bl -tag -width /etc/examples/doas.conf -compact
 .It Pa /etc/doas.conf
-doas configuration file.
+.Xr doas 1
+configuration file.
+.It Pa /etc/examples/doas.conf
+Example configuration file.
 .El
 .Sh EXAMPLES
 The following example permits user aja to install packages
@@ -137,14 +133,17 @@ and
 unsetting
 .Ev ENV ;
 permits tedu to run procmap as root without a password;
-and additionally permits root to run unrestricted commands as itself.
+and additionally permits root to run unrestricted commands as itself
+while retaining the original PATH.
 .Bd -literal -offset indent
 permit persist setenv { PKG_CACHE PKG_PATH } aja cmd pkg_add
 permit setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel
 permit nopass tedu as root cmd /usr/sbin/procmap
+permit nopass keepenv setenv { PATH } root as root
 .Ed
 .Sh SEE ALSO
-.Xr doas 1
+.Xr doas 1 ,
+.Xr syslogd 8
 .Sh HISTORY
 The
 .Nm