.Ev USER
and
.Ev USERNAME .
-.It Ic keepenv { Oo Ar variable ... Oc Ic }
+.It Ic setenv { Oo Ar variable ... Oc Ic Oo Ar variable=value ... Oc Ic }
In addition to the variables mentioned above, keep the space-separated
specified variables.
+Variables may also be removed with a leading - or set using the latter syntax.
+If the first character of
+.Ar value
+is a
+.Ql $
+then the value to be set is taken from the existing environment
+variable of the same name.
.El
.It Ar identity
The username to match.
The following example permits users in group wsrc to build ports,
wheel to execute commands as any user while keeping the environment
variables
-.Ev ENV ,
-.Ev PS1 ,
+.Ev PS1
+and
+.Ev SSH_AUTH_SOCK
and
-.Ev SSH_AUTH_SOCK ,
-and additionally permits tedu to run procmap as root without a password.
+unsetting
+.Ev ENV ,
+permits tedu to run procmap as root without a password,
+and additionally permits root to run unrestricted commands as itself.
.Bd -literal -offset indent
# Non-exhaustive list of variables needed to
# build release(8) and ports(7)
-permit nopass keepenv { \e
+permit nopass setenv { \e
FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \e
DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \e
MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \e
PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \e
SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc
-permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
+permit nopass setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel
permit nopass tedu as root cmd /usr/sbin/procmap
.Ed
.Sh SEE ALSO
projects / opendoas.git / blobdiff