doas

https://man.openbsd.org/doas.1
git clone anongit@rnpnr.xyz:doas.git

doas.1 (2930B)


.\" $OpenBSD: doas.1,v 1.26 2022/12/22 19:53:22 kn Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
.\"Permission to use, copy, modify, and distribute this software for any
.\"purpose with or without fee is hereby granted, provided that the above
.\"copyright notice and this permission notice appear in all copies.
.\"
.\"THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\"WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\"MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\"ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: December 22 2022 $
.Dt DOAS 1
.Os
.Sh NAME
.Nm doas
.Nd execute commands as another user
.Sh SYNOPSIS
.Nm doas
.Op Fl Lns
.Op Fl C Ar config
.Op Fl u Ar user
.Ar command
.Op Ar arg ...
.Sh DESCRIPTION
The
.Nm
utility executes the given command as another user.
The
.Ar command
argument is mandatory unless
.Fl C ,
.Fl L ,
or
.Fl s
is specified.
.Pp
The user will be required to authenticate by entering their password,
unless configured otherwise.
.Pp
By default, a new environment is created.
The variables
.Ev HOME ,
.Ev LOGNAME ,
.Ev PATH ,
.Ev SHELL ,
and
.Ev USER
and the
.Xr umask 2
are set to values appropriate for the target user.
.Ev DOAS_USER
is set to the name of the user executing
.Nm .
The variables
.Ev DISPLAY
and
.Ev TERM
are inherited from the current environment.
This behavior may be modified by the config file.
The working directory is not changed.
.Pp
The options are as follows:
.Bl -tag -width tenletters
.It Fl C Ar config
Parse and check the configuration file
.Ar config ,
then exit.
If
.Ar command
is supplied,
.Nm
will also perform command matching.
In the latter case
either
.Sq permit ,
.Sq permit nopass
or
.Sq deny
will be printed on standard output, depending on command
matching results.
No command is executed.
.It Fl L
Clear any persisted authentications from previous invocations,
then immediately exit.
No command is executed.
.It Fl n
Non interactive mode, fail if the matching rule doesn't have the
.Ic nopass
option.
.It Fl s
Execute the shell from
.Ev SHELL
or
.Pa /etc/passwd .
.It Fl u Ar user
Execute the command as
.Ar user .
The default is root.
.El
.Sh EXIT STATUS
.Ex -std doas
It may fail for one of the following reasons:
.Pp
.Bl -bullet -compact
.It
The config file
.Pa /etc/doas.conf
could not be parsed.
.It
The user attempted to run a command which is not permitted.
.It
The password was incorrect.
.It
The specified command was not found or is not executable.
.El
.Sh SEE ALSO
.Xr su 1 ,
.Xr doas.conf 5
.Sh HISTORY
The
.Nm
command first appeared in
.Ox 5.8 .
.Sh AUTHORS
.An Ted Unangst Aq Mt tedu@openbsd.org
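
An added example, not part of the doas source tree: a POSIX sh function that uses the `-C` mode described above to regression-check a candidate config before it is installed as /etc/doas.conf. The `DOAS` variable and the `verdict|command` expectation format are assumptions of this sketch; command matching is evaluated for the user who runs the check.

```shell
#!/bin/sh
# Added example: regression-check a candidate doas.conf with `doas -C`.
# DOAS (the binary to call) and the "verdict|command args" line format
# are assumptions of this sketch, not part of doas itself.

DOAS=${DOAS:-doas}

# audit_doas_conf CONFIG EXPECTATIONS
# EXPECTATIONS holds one "verdict|command args" entry per line, where
# verdict is permit, "permit nopass" or deny. Lines starting with '#'
# are skipped. Returns 0 if every entry matches, otherwise the number
# of mismatches (1 if the file does not parse at all).
audit_doas_conf() {
    conf=$1 expect=$2 problems=0

    # Step 1: syntax only. With no command, -C parses the file and exits.
    if ! "$DOAS" -C "$conf" </dev/null >/dev/null 2>&1; then
        echo "FAIL: $conf does not parse" >&2
        return 1
    fi

    # Step 2: command matching. -C prints the verdict and runs nothing.
    while IFS='|' read -r want cmd; do
        case $want in ''|'#'*) continue ;; esac
        # $cmd is split on purpose into command plus arguments, so
        # entries must not contain glob characters.
        # A non-zero exit is tolerated; only the printed verdict counts.
        got=$("$DOAS" -C "$conf" $cmd </dev/null 2>/dev/null) || true
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: '$cmd' expected '$want' got '${got:-error}'" >&2
            problems=$((problems + 1))
        fi
    done <<EOF
$expect
EOF
    return "$problems"
}
```

Listing every `permit nopass` rule you intend to keep, plus a few commands that must stay `deny`, makes an unintended passwordless or over-broad rule show up as a mismatch before the file goes live.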