mirror of
https://github.com/slicer69/doas
synced 2024-10-01 13:43:37 +00:00
Updated manual pages to address situations where multiple usernames
resolve to the same UID and how the "as" syntax in the doas.conf file is affected.
parent
5d84815124
commit
9a4eb403de
3
doas.1
|
@ -88,6 +88,9 @@ or
|
||||||
Execute the command as
|
Execute the command as
|
||||||
.Ar user .
|
.Ar user .
|
||||||
The default is root.
|
The default is root.
|
||||||
|
Please note: On some systems multiple usernames can resolve to one UID. For example, root and
|
||||||
|
toor both resolve to UID 0 on FreeBSD. Please see the "as" syntax section of the doas.conf manual page for details on
|
||||||
|
how doas handles this situation.
|
||||||
.It Fl -
|
.It Fl -
|
||||||
Any dashes after a combined double dash (--) will be interpreted as part of the command to be run or its parameters. Not an argument passed to doas itself.
|
Any dashes after a combined double dash (--) will be interpreted as part of the command to be run or its parameters. Not an argument passed to doas itself.
|
||||||
.El
|
.El
|
||||||
|
|
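Review bot: the paragraph added under -u points readers to doas.conf(5) in running prose ("Please see the "as" syntax section of the doas.conf manual page") rather than with a cross-reference macro, and it never states the consequence itself. Suggest `.Xr doas.conf 5` for the reference, plus one sentence here saying that the target is matched by UID, so any username sharing that UID is accepted; a reader checking what -u authorizes may stop at this page. The three added lines also pack several sentences onto lines far longer than the surrounding source; starting each sentence on its own line would match the neighbouring entries (".Ar user ." and "The default is root.").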
12
doas.conf.5
|
@ -91,6 +91,18 @@ Numeric IDs are also accepted.
|
||||||
.It Ic as Ar target
|
.It Ic as Ar target
|
||||||
The target user the running user is allowed to run the command as.
|
The target user the running user is allowed to run the command as.
|
||||||
The default is all users.
|
The default is all users.
|
||||||
|
Please be aware that on some systems multiple usernames can resolve to
|
||||||
|
the same UID. For example, on FreeBSD it is common to have both toor and root
|
||||||
|
resolve to UID 0. The doas utility will allow any username that matches a shared
|
||||||
|
UID to match when the -u flag is invoked. This means if you have the rule
|
||||||
|
.Bd -literal -offset indent
|
||||||
|
permit alice as toor
|
||||||
|
|
||||||
|
.Ed
|
||||||
|
in your doas.conf file, the command "doas -u root" can be successfully run from
|
||||||
|
Alice's account in situations where both root and toor share the same UID. In short,
|
||||||
|
doas cares about the UID behind the username, not the specific username given on the
|
||||||
|
command line.
|
||||||
.It Ic cmd Ar command
|
.It Ic cmd Ar command
|
||||||
The command the user is allowed or denied to run.
|
The command the user is allowed or denied to run.
|
||||||
The default is all commands.
|
The default is all commands.
|
||||||
|
|
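Review bot: the text added under "as target" shows the effect only for a permit rule and leaves the policy implication implicit: where root and toor share UID 0, "permit alice as toor" is in effect a grant of UID 0, so the username in an as clause cannot be used to separate accounts that share a UID. Suggest saying that directly, and saying whether the same UID matching applies to deny rules, since the cmd entry just below speaks of commands being allowed or denied. Smaller points: the example "doas -u root" omits the command to run, the flag is written as plain "-u" where `.Fl u` would be consistent with ".It Fl -" in doas.1, and there is an empty line between the rule and .Ed inside the literal display, which would show up as a blank line after the rule in the rendered page.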