-.\" $OpenBSD: doas.1,v 1.13 2015/07/26 23:00:15 tedu Exp $
+.\" $OpenBSD: doas.1,v 1.25 2021/01/16 09:18:41 martijn Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: July 26 2015 $
+.Dd $Mdocdate: January 16 2021 $
.Dt DOAS 1
.Os
.Sh NAME
.Nd execute commands as another user
.Sh SYNOPSIS
.Nm doas
-.Op Fl ns
+.Op Fl Lns
.Op Fl C Ar config
.Op Fl u Ar user
.Ar command
The
.Ar command
argument is mandatory unless
-.Fl C
+.Fl C ,
+.Fl L ,
or
.Fl s
is specified.
.Pp
+The user will be required to authenticate by entering their password,
+unless configured otherwise.
+.Pp
+By default, a new environment is created.
+The variables
+.Ev HOME ,
+.Ev LOGNAME ,
+.Ev PATH ,
+.Ev SHELL ,
+and
+.Ev USER
+and the
+.Xr umask 2
+are set to values appropriate for the target user.
+.Ev DOAS_USER
+is set to the name of the user executing
+.Nm .
+The variables
+.Ev DISPLAY
+and
+.Ev TERM
+are inherited from the current environment.
+This behavior may be modified by the config file.
+The working directory is not changed.
+.Pp
The options are as follows:
.Bl -tag -width tenletters
.It Fl C Ar config
.Sq deny
will be printed on standard output, depending on command
matching results.
-In either case, no command is executed.
+No command is executed.
+.It Fl L
+Clear any persisted authentications from previous invocations,
+then immediately exit.
+No command is executed.
.It Fl n
-Non interactive mode, fail if
-.Nm
-would prompt for password.
+Non interactive mode, fail if the matching rule doesn't have the
+.Ic nopass
+option.
.It Fl s
Execute the shell from
.Ev SHELL
projects / opendoas.git / blobdiff