s/authorization/authentication/g

[opendoas.git] / doas.1

diff --git a/doas.1 b/doas.1
index 16983aa995a5daaeec404e881549f9ec0caaaab9..2f72ca973bee31abcc22f7623efa786fc322086e 100644 (file)
--- a/doas.1
+++ b/doas.1
@@ -33,11 +33,37 @@ utility executes the given command as another user.
 The
 .Ar command
 argument is mandatory unless
-.Fl C
+.Fl C ,
+.Fl L ,
 or
 .Fl s
 is specified.
 .Pp
+The user will be required to authenticate by entering their password,
+unless configured otherwise.
+.Pp
+By default, a new environment is created.
+The variables
+.Ev HOME ,
+.Ev LOGNAME ,
+.Ev PATH ,
+.Ev SHELL ,
+and
+.Ev USER
+and the
+.Xr umask 2
+are set to values appropriate for the target user.
+.Ev DOAS_USER
+is set to the name of the user executing
+.Nm .
+The variables
+.Ev DISPLAY
+and
+.Ev TERM
+are inherited from the current environment.
+This behavior may be modified by the config file.
+The working directory is not changed.
+.Pp
 The options are as follows:
 .Bl -tag -width tenletters
 .It Fl C Ar config
@@ -59,11 +85,13 @@ will be printed on standard output, depending on command
 matching results.
 No command is executed.
 .It Fl L
-Clear any persisted authorizations from previous invocations.
+Clear any persisted authorizations from previous invocations,
+then immediately exit.
+No command is executed.
 .It Fl n
-Non interactive mode, fail if
-.Nm
-would prompt for password.
+Non interactive mode, fail if the matching rule doesn't have the
+.Ic nopass
+option.
 .It Fl s
 Execute the shell from
 .Ev SHELL