logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

doas.1 (2930B)


  1. .\" $OpenBSD: doas.1,v 1.26 2022/12/22 19:53:22 kn Exp $
  2. .\"
  3. .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  4. .\"
  5. .\"Permission to use, copy, modify, and distribute this software for any
  6. .\"purpose with or without fee is hereby granted, provided that the above
  7. .\"copyright notice and this permission notice appear in all copies.
  8. .\"
  9. .\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  10. .\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  11. .\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
  12. .\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  13. .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  14. .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  15. .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  16. .Dd $Mdocdate: December 22 2022 $
  17. .Dt DOAS 1
  18. .Os
  19. .Sh NAME
  20. .Nm doas
  21. .Nd execute commands as another user
  22. .Sh SYNOPSIS
  23. .Nm doas
  24. .Op Fl Lns
  25. .Op Fl C Ar config
  26. .Op Fl u Ar user
  27. .Ar command
  28. .Op Ar arg ...
  29. .Sh DESCRIPTION
  30. The
  31. .Nm
  32. utility executes the given command as another user.
  33. The
  34. .Ar command
  35. argument is mandatory unless
  36. .Fl C ,
  37. .Fl L ,
  38. or
  39. .Fl s
  40. is specified.
  41. .Pp
  42. The user will be required to authenticate by entering their password,
  43. unless configured otherwise.
  44. .Pp
  45. By default, a new environment is created.
  46. The variables
  47. .Ev HOME ,
  48. .Ev LOGNAME ,
  49. .Ev PATH ,
  50. .Ev SHELL ,
  51. and
  52. .Ev USER
  53. and the
  54. .Xr umask 2
  55. are set to values appropriate for the target user.
  56. .Ev DOAS_USER
  57. is set to the name of the user executing
  58. .Nm .
  59. The variables
  60. .Ev DISPLAY
  61. and
  62. .Ev TERM
  63. are inherited from the current environment.
  64. This behavior may be modified by the config file.
  65. The working directory is not changed.
  66. .Pp
  67. The options are as follows:
  68. .Bl -tag -width tenletters
  69. .It Fl C Ar config
  70. Parse and check the configuration file
  71. .Ar config ,
  72. then exit.
  73. If
  74. .Ar command
  75. is supplied,
  76. .Nm
  77. will also perform command matching.
  78. In the latter case
  79. either
  80. .Sq permit ,
  81. .Sq permit nopass
  82. or
  83. .Sq deny
  84. will be printed on standard output, depending on command
  85. matching results.
  86. No command is executed.
  87. .It Fl L
  88. Clear any persisted authentications from previous invocations,
  89. then immediately exit.
  90. No command is executed.
  91. .It Fl n
  92. Non interactive mode, fail if the matching rule doesn't have the
  93. .Ic nopass
  94. option.
  95. .It Fl s
  96. Execute the shell from
  97. .Ev SHELL
  98. or
  99. .Pa /etc/passwd .
  100. .It Fl u Ar user
  101. Execute the command as
  102. .Ar user .
  103. The default is root.
  104. .El
  105. .Sh EXIT STATUS
  106. .Ex -std doas
  107. It may fail for one of the following reasons:
  108. .Pp
  109. .Bl -bullet -compact
  110. .It
  111. The config file
  112. .Pa /etc/doas.conf
  113. could not be parsed.
  114. .It
  115. The user attempted to run a command which is not permitted.
  116. .It
  117. The password was incorrect.
  118. .It
  119. The specified command was not found or is not executable.
  120. .El
  121. .Sh SEE ALSO
  122. .Xr su 1 ,
  123. .Xr doas.conf 5
  124. .Sh HISTORY
  125. The
  126. .Nm
  127. command first appeared in
  128. .Ox 5.8 .
  129. .Sh AUTHORS
  130. .An Ted Unangst Aq Mt tedu@openbsd.org