X-Git-Url: https://git.armaanb.net/?a=blobdiff_plain;f=doas.conf.5;h=95daf4ccb745b03aff3435cdeb4724255a03c653;hb=37bd6612bdffabe6d8a588b391bd353c39497abb;hp=cfe1cf3ad2eddd66ea174c1c0b4bf3346ae53e14;hpb=27235dd398ab05cf7f992efe2027efc70fa0da0c;p=opendoas.git diff --git a/doas.conf.5 b/doas.conf.5 index cfe1cf3..95daf4c 100644 --- a/doas.conf.5 +++ b/doas.conf.5 @@ -33,7 +33,7 @@ The rules have the following format: .Op Ar options .Ar identity .Op Ic as Ar target -.Op Ic cmd Ar command Op Ic args ... +.Op Ic cmd Ar command Op Ic args No ... .Ed .Pp Rules consist of the following parts: @@ -71,7 +71,7 @@ If the first character of is a .Ql $ then the value to be set is taken from the existing environment -variable of the same name. +variable of the indicated name. .El .It Ar identity The username to match. @@ -88,7 +88,7 @@ Be advised that it is best to specify absolute paths. If a relative path is specified, only a restricted .Ev PATH will be searched. -.It Ic args ... +.It Ic args Op Ar argument ... Arguments to command. The command arguments provided by the user need to match those specified. The keyword @@ -118,9 +118,15 @@ as a result, comments may not be extended over multiple lines. If quotes or backslashes are used in a word, it isn't considered a keyword. .El +.Sh FILES +.Bl -tag -width "/etc/doas.conf" +.It Pa /etc/doas.conf +doas configuration file. +.El .Sh EXAMPLES -The following example permits users in group wsrc to build ports; -wheel to execute commands as any user while keeping the environment +The following example permits user aja to install packages +from a preferred mirror; +group wheel to execute commands as any user while keeping the environment variables .Ev PS1 and @@ -131,14 +137,7 @@ unsetting permits tedu to run procmap as root without a password; and additionally permits root to run unrestricted commands as itself. .Bd -literal -offset indent -# Non-exhaustive list of variables needed to -# build release(8) and ports(7) -permit nopass setenv { \e - FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \e - DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \e - MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \e - PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \e - SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc +permit persist setenv { PKG_CACHE PKG_PATH } aja cmd pkg_add permit setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel permit nopass tedu as root cmd /usr/sbin/procmap .Ed