table of contents
DOAS(1) | General Commands Manual | DOAS(1) |
NAME¶
doas
— execute
commands as another user
SYNOPSIS¶
doas |
[-Lns ] [-C
config] [-u
user] command
[args] |
DESCRIPTION¶
The doas
utility executes the given
command as another user. The command argument is
mandatory unless -C
, -L
, or
-s
is specified.
The user will be required to authenticate by entering their password, unless configured otherwise.
By default, a new environment is created. The variables
HOME
, LOGNAME
,
PATH
, SHELL
, and
USER
and the umask(2) are set to
values appropriate for the target user. DOAS_USER
is
set to the name of the user executing doas
. The
variables DISPLAY
and TERM
are inherited from the current environment. This behavior may be modified by
the config file. The working directory is not changed.
The options are as follows:
-C
config- Parse and check the configuration file config, then
exit. If command is supplied,
doas
will also perform command matching. In the latter case either ‘permit’, ‘permit nopass’ or ‘deny’ will be printed on standard output, depending on command matching results. No command is executed. -L
- Clear any persisted authentications from previous invocations, then immediately exit. No command is executed.
-n
- Non interactive mode, fail if the matching rule doesn't have the
nopass
option. -s
- Execute the shell from
SHELL
or /etc/passwd. -u
user- Execute the command as user. The default is root.
EXIT STATUS¶
The doas
utility exits 0 on
success, and >0 if an error occurs. It may fail for one of the
following reasons:
- The config file /etc/doas.conf could not be parsed.
- The user attempted to run a command which is not permitted.
- The password was incorrect.
- The specified command was not found or is not executable.
SEE ALSO¶
HISTORY¶
The doas
command first appeared in
OpenBSD 5.8.
AUTHORS¶
Ted Unangst <tedu@openbsd.org>
January 16, 2021 | Debian |