doas is a program to execute commands as another user. The system administrator can configure it to give specified users privileges to execute specified commands. It is free and open-source under the ISC license and available in Unix and Unix-like operating systems ([FreeBSD](../../../bsd/FreeBSD.md), [OpenBSD](../../../bsd/OpenBSD.md), [Linux](../../../linux/Linux.md)).
| `keepenv` | Environment variables other than those listed in doas are retained when creating the environment for the new process. |
| `setenv {var=value}` | Keep or set the space-separated specified variables. Variables may also be removed with a leading ‘-’ or set using the latter syntax. If the first character of value is a ‘`$`’ then the value to be set is taken from the existing environment variable of the indicated name. This option is processed after the default environment has been created. |
-`cmd`: The command the user is allowed or denied to run. The default is all commands. Be advised that it is best to specify absolute paths. If a relative path is specified, only a restricted `PATH` will be searched.
-`args`: Arguments to command. The command arguments provided by the user need to match those specified. The keyword `args` alone means that command must be run without any arguments.
The last matching rule determines the action taken. If no rule matches, the action is denied.
Comments can be put anywhere in the file using a hash mark (‘#’), and extend to the end of the current line.
The following quoting rules apply:
- The text between a pair of double quotes (‘"’) is taken as is.
- The backslash character (‘\’) escapes the next character, including new line characters, outside comments; as a result, comments may not be extended over multiple lines.
- If quotes or backslashes are used in a word, it is not considered a keyword.
### Examples
```
permit persist setenv { PKG_CACHE PKG_PATH } aja cmd pkg_add
