Provided by: opendoas_6.8.2-1_amd64 bug


     doas — execute commands as another user


     doas [-Lns] [-C config] [-u user] command [args]


     The doas utility executes the given command as another user.  The command argument is
     mandatory unless -C, -L, or -s is specified.

     The user will be required to authenticate by entering their password, unless configured

     By default, a new environment is created.  The variables HOME, LOGNAME, PATH, SHELL, and
     USER and the umask(2) are set to values appropriate for the target user.  DOAS_USER is set
     to the name of the user executing doas.  The variables DISPLAY and TERM are inherited from
     the current environment.  This behavior may be modified by the config file.  The working
     directory is not changed.

     The options are as follows:

     -C config   Parse and check the configuration file config, then exit.  If command is
                 supplied, doas will also perform command matching.  In the latter case either
                 ‘permit’, ‘permit nopass’ or ‘deny’ will be printed on standard output,
                 depending on command matching results.  No command is executed.

     -L          Clear any persisted authentications from previous invocations, then immediately
                 exit.  No command is executed.

     -n          Non interactive mode, fail if the matching rule doesn't have the nopass option.

     -s          Execute the shell from SHELL or /etc/passwd.

     -u user     Execute the command as user.  The default is root.


     The doas utility exits 0 on success, and >0 if an error occurs.  It may fail for one of the
     following reasons:

        The config file /etc/doas.conf could not be parsed.
        The user attempted to run a command which is not permitted.
        The password was incorrect.
        The specified command was not found or is not executable.


     su(1), doas.conf(5)


     The doas command first appeared in OpenBSD 5.8.


     Ted Unangst <>