-.\" $OpenBSD: doas.1,v 1.10 2015/07/21 17:49:33 jmc Exp $
+.\" $OpenBSD: doas.1,v 1.11 2015/07/26 17:24:02 zhuk Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: July 21 2015 $
+.Dd $Mdocdate: July 26 2015 $
.Dt DOAS 1
.Os
.Sh NAME
.Nd execute commands as another user
.Sh SYNOPSIS
.Nm doas
-.Op Fl s
+.Op Fl ns
.Op Fl C Ar config
.Op Fl u Ar user
.Ar command
will be printed on standard output, depending on command
matching results.
No command is executed.
+.It Fl n
+Non interactive mode, fail if
+.Nm
+would prompt for password.
.It Fl s
Execute the shell from
.Ev SHELL
-/* $OpenBSD: doas.c,v 1.24 2015/07/26 19:14:46 tedu Exp $ */
+/* $OpenBSD: doas.c,v 1.25 2015/07/26 19:49:11 zhuk Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
int ngroups;
int i, ch;
int sflag = 0;
+ int nflag = 0;
- while ((ch = getopt(argc, argv, "C:su:")) != -1) {
+ uid = getuid();
+ while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
switch (ch) {
case 'C':
confpath = optarg;
if (parseuid(optarg, &target) != 0)
errx(1, "unknown user");
break;
+ case 'n':
+ nflag = 1;
+ break;
case 's':
sflag = 1;
break;
}
if (!(rule->options & NOPASS)) {
+ if (nflag)
+ errx(1, "Authorization required");
if (!auth_userokay(myname, NULL, NULL, NULL)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed password for %s", myname);