.Bl -tag -width keepenv
.It Ic nopass
The user is not required to enter a password.
+.It Ic nolog
+Do not log successful command execution to
+.Xr syslogd 8 .
.It Ic persist
After the user successfully authenticates, do not ask for a password
again for some time.
.It Ic keepenv
-The user's environment is maintained.
-The default is to reset the environment, except for the variables
-.Ev DISPLAY ,
-.Ev HOME ,
-.Ev LOGNAME ,
-.Ev MAIL ,
-.Ev PATH ,
-.Ev TERM ,
-.Ev USER
-and
-.Ev USERNAME .
+Environment variables other than those listed in
+.Xr doas 1
+are retained when creating the environment for the new process.
.It Ic setenv { Oo Ar variable ... Oc Oo Ar variable=value ... Oc Ic }
-In addition to the variables mentioned above, keep the space-separated
-specified variables.
+Keep or set the space-separated specified variables.
Variables may also be removed with a leading
.Sq -
or set using the latter syntax.
is a
.Ql $
then the value to be set is taken from the existing environment
-variable of the same name.
+variable of the indicated name.
+This option is processed after the default environment has been created.
.El
.It Ar identity
The username to match.
If quotes or backslashes are used in a word,
it isn't considered a keyword.
.El
+.Sh FILES
+.Bl -tag -width /etc/examples/doas.conf -compact
+.It Pa /etc/doas.conf
+.Xr doas 1
+configuration file.
+.It Pa /etc/examples/doas.conf
+Example configuration file.
+.El
.Sh EXAMPLES
The following example permits user aja to install packages
from a preferred mirror;
unsetting
.Ev ENV ;
permits tedu to run procmap as root without a password;
-and additionally permits root to run unrestricted commands as itself.
+and additionally permits root to run unrestricted commands as itself
+while retaining the original PATH.
.Bd -literal -offset indent
permit persist setenv { PKG_CACHE PKG_PATH } aja cmd pkg_add
permit setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel
permit nopass tedu as root cmd /usr/sbin/procmap
+permit nopass keepenv setenv { PATH } root as root
.Ed
.Sh SEE ALSO
-.Xr doas 1
+.Xr doas 1 ,
+.Xr syslogd 8
.Sh HISTORY
The
.Nm