NAME

doas — execute commands as another user

SYNOPSIS

DESCRIPTION

The doas utility executes the given command as another user. The command argument is mandatory unless -C or -s is specified.

The options are as follows:

-a style

Use the specified authentication style when validating the user, as allowed by /etc/login.conf. A list of doas-specific authentication methods may be configured by adding an ‘auth-doas’ entry in login.conf(5).

-C config

Parse and check the configuration file config, then exit. If command is supplied, doas will also perform command matching. In the latter case either ‘permit’, ‘permit nopass’ or ‘deny’ will be printed on standard output, depending on command matching results. No command is executed.

-n

Non interactive mode, fail if doas would prompt for password.

-s

Execute the shell from SHELL or /etc/passwd.

-u user

Execute the command as user. The default is root.

EXIT STATUS

The doas utility exits 0 on success, and >0 if an error occurs. It may fail for one of the following reasons:

• The config file /etc/doas.conf could not be parsed.
• The user attempted to run a command which is not permitted.
• The password was incorrect.
• The specified command was not found or is not executable.

SEE ALSO

su(1), doas.conf(5)

HISTORY

The doas command first appeared in OpenBSD 5.8.

AUTHORS

Ted Unangst <tedu@openbsd.org>