diff options
authorIngo Schwarze <schwarze@openbsd.org>2015-07-17 20:50:31 +0000
committerIngo Schwarze <schwarze@openbsd.org>2015-07-17 20:50:31 +0000
commitc6b63a4712f2c5652a0b246d200330a36ce32020 (patch)
parent6ec6fe96392735403a2a33f6ca9fb42d8e54b42e (diff)
add some missing content and markup and optimize some indentation
ok tedu@
2 files changed, 28 insertions, 15 deletions
diff --git a/doas.1 b/doas.1
index e075b6b..19d5969 100644
--- a/doas.1
+++ b/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.2 2015/07/17 17:11:18 tedu Exp $
+.\" $OpenBSD: doas.1,v 1.3 2015/07/17 20:24:41 tedu Exp $
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
@@ -22,7 +22,7 @@
.Nm doas
.Op Fl u Ar user
+.Ar command
.Op Ar args
diff --git a/doas.conf.5 b/doas.conf.5
index da2996f..a72f084 100644
--- a/doas.conf.5
+++ b/doas.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.conf.5,v 1.1 2015/07/16 20:44:21 tedu Exp $
+.\" $OpenBSD: doas.conf.5,v 1.2 2015/07/16 21:24:07 nicm Exp $
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
@@ -28,33 +28,37 @@ in the
configuration file.
The rules have the following format:
-.Bd -literal -offset indent
-permit|deny [options] [identity] [as target] [cmd command]
+.Bd -ragged -offset indent
+.Ic permit Ns | Ns Ic deny
+.Op Ar options
+.Op Ar identity
+.Op Ic as Ar target
+.Op Ic cmd Ar command
Rules consist of the following parts:
-.Bl -tag -width tenletters
-.It permit|deny
+.Bl -tag -width 11n
+.It Ic permit Ns | Ns Ic deny
The action to be taken if this rule matches.
-.It options
+.It Ar options
Options are:
-.Bl -tag -width tenletters
-.It nopass
+.Bl -tag -width keepenv
+.It Ic nopass
The user is not required to enter a password.
-.It keepenv
+.It Ic keepenv
The user's environment is maintained.
The default is to reset the environment.
-.It keepenv { [variable names] }
+.It Ic keepenv { Oo variable names Oc Ic }
Reset the environment, but keep the specified variables.
-.It identity
+.It Ar identity
The username to match.
Groups may be specified by prepending a colon (:).
Numeric IDs are also accepted.
-.It as target
+.It Ic as Ar target
The target user the running user is allowed to run the command as.
The default is root.
-.It cmd command
+.It Ic cmd Ar command
The command the user is allowed or denied to run.
The default is all commands.
Be advised that it's best to specify absolute paths.
@@ -68,3 +72,12 @@ and additionally permits tedu to run procmap as root without a password.
permit :wheel
permit nopass tedu cmd /usr/sbin/procmap
+.Xr doas 1
+configuration file first appeared in
+.Ox 5.8 .
+.An Ted Unangst Aq Mt tedu@openbsd.org