.Fl s
is specified.
.Pp
-By default, the environment is reset.
+By default, a new environment is created.
The variables
.Ev HOME ,
.Ev LOGNAME ,
and the
.Xr umask 2
are set to values appropriate for the target user.
+.Ev DOAS_USER
+is set to the name of the user executing
+.Nm .
The variables
.Ev DISPLAY
and
After the user successfully authenticates, do not ask for a password
again for some time.
.It Ic keepenv
-The user's environment is maintained.
-The default is to retain the variables
-.Ev DISPLAY
-and
-.Ev TERM
-from the invoking process, reset
-.Ev HOME ,
-.Ev LOGNAME ,
-.Ev PATH ,
-.Ev SHELL ,
-and
-.Ev USER
-as appropriate for the target user, and discard the rest of the environment.
+Environment variables other than those listed in
+.Xr doas 1
+are retained when creating the environment for the new process.
.It Ic setenv { Oo Ar variable ... Oc Oo Ar variable=value ... Oc Ic }
-In addition to the variables mentioned above, keep the space-separated
-specified variables.
+Keep or set the space-separated specified variables.
Variables may also be removed with a leading
.Sq -
or set using the latter syntax.
.Ql $
then the value to be set is taken from the existing environment
variable of the indicated name.
+This option is processed after the default environment has been created.
.El
.It Ar identity
The username to match.