DOAS.CONF(5) | File Formats Manual | DOAS.CONF(5) |
doas.conf
— doas
configuration file
The doas(1) utility executes commands as other
users according to the rules in the doas.conf
configuration file.
The rules have the following format:
permit
|deny
[options] identity
[as
target]
[cmd
command
[args
...]]Rules consist of the following parts:
permit
|deny
nopass
nolog
persist
keepenv
setenv
{
[variable ...]
[variable=value ...]
}
$
’ then the value to be
set is taken from the existing environment variable of the indicated
name. This option is processed after the default environment has been
created.as
targetcmd
commandPATH
will be searched.args
[argument ...]args
alone
means that command must be run without any arguments.The last matching rule determines the action taken. If no rule matches, the action is denied.
Comments can be put anywhere in the file using a hash mark (‘#’), and extend to the end of the current line.
The following quoting rules apply:
The following example permits user aja to install packages from a
preferred mirror; group wheel to execute commands as any user while keeping
the environment variables PS1
and
SSH_AUTH_SOCK
and unsetting
ENV
; permits tedu to run procmap as root without a
password; and additionally permits root to run unrestricted commands as
itself while retaining the original PATH.
permit persist setenv { PKG_CACHE PKG_PATH } aja cmd pkg_add permit setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel permit nopass tedu as root cmd /usr/sbin/procmap permit nopass keepenv setenv { PATH } root as root
The doas.conf
configuration file first
appeared in OpenBSD 5.8.
Ted Unangst <tedu@openbsd.org>
October 9, 2020 | Debian |