X-Git-Url: https://git.armaanb.net/?a=blobdiff_plain;f=doas.conf.5;h=54022ee2dcbec9a1584a9fd55f5f27867348ee18;hb=4356cb6b4cefb142d182784c264ce936a1ec3626;hp=95daf4ccb745b03aff3435cdeb4724255a03c653;hpb=3f3c502351b672bb8ce1a5cc72b0078b1b102ffb;p=opendoas.git

diff --git a/doas.conf.5 b/doas.conf.5
index 95daf4c..54022ee 100644
--- a/doas.conf.5
+++ b/doas.conf.5
@@ -49,20 +49,11 @@ The user is not required to enter a password.
 After the user successfully authenticates, do not ask for a password
 again for some time.
 .It Ic keepenv
-The user's environment is maintained.
-The default is to reset the environment, except for the variables
-.Ev DISPLAY ,
-.Ev HOME ,
-.Ev LOGNAME ,
-.Ev MAIL ,
-.Ev PATH ,
-.Ev TERM ,
-.Ev USER
-and
-.Ev USERNAME .
+Environment variables other than those listed in
+.Xr doas 1
+are retained when creating the environment for the new process.
 .It Ic setenv { Oo Ar variable ... Oc Oo Ar variable=value ... Oc Ic }
-In addition to the variables mentioned above, keep the space-separated
-specified variables.
+Keep or set the space-separated specified variables.
 Variables may also be removed with a leading
 .Sq -
 or set using the latter syntax.
@@ -72,6 +63,7 @@ is a
 .Ql $
 then the value to be set is taken from the existing environment
 variable of the indicated name.
+This option is processed after the default environment has been created.
 .El
 .It Ar identity
 The username to match.
@@ -135,11 +127,13 @@ and
 unsetting
 .Ev ENV ;
 permits tedu to run procmap as root without a password;
-and additionally permits root to run unrestricted commands as itself.
+and additionally permits root to run unrestricted commands as itself
+while retaining the original PATH.
 .Bd -literal -offset indent
 permit persist setenv { PKG_CACHE PKG_PATH } aja cmd pkg_add
 permit setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel
 permit nopass tedu as root cmd /usr/sbin/procmap
+permit nopass keepenv setenv { PATH } root as root
 .Ed
 .Sh SEE ALSO
 .Xr doas 1