mirror of
https://github.com/slicer69/doas
synced 2024-09-30 05:03:36 +00:00
Updated manual pages to address situations where multiple usernames
resolve to the same UID and how the "as" syntax in the doas.conf file is affected.
This commit is contained in:
parent
5d84815124
commit
9a4eb403de
3
doas.1
3
doas.1
|
@ -88,6 +88,9 @@ or
|
|||
Execute the command as
|
||||
.Ar user .
|
||||
The default is root.
|
||||
Please note: On some systems multiple usernames can resolve to one UID. For example, root and
|
||||
toor both resolve to UID 0 on FreeBSD. Please see the "as" syntax section of the doas.conf manual page for details on
|
||||
how doas handles this situation.
|
||||
.It Fl -
|
||||
Any dashes after a combined double dash (--) will be interpreted as part of the command to be run or its parameters. Not an argument passed to doas itself.
|
||||
.El
|
||||
|
|
12
doas.conf.5
12
doas.conf.5
|
@ -91,6 +91,18 @@ Numeric IDs are also accepted.
|
|||
.It Ic as Ar target
|
||||
The target user the running user is allowed to run the command as.
|
||||
The default is all users.
|
||||
Please be aware that on some systems multiple usernames can resolve to
|
||||
the same UID. For example, on FreeBSD it is common to have both toor and root
|
||||
resolve to UID 0. The doas utility will allow any username that matches a shared
|
||||
UID to match when the -u flag is invoked. This means if you have the rule
|
||||
.Bd -literal -offset indent
|
||||
permit alice as toor
|
||||
|
||||
.Ed
|
||||
in your doas.conf file, the command "doas -u root" can be successfully run from
|
||||
Alice's account in situations where both root and toor share the same UID. In short,
|
||||
doas cares about the UID behind the username, not the specific username given on the
|
||||
command line.
|
||||
.It Ic cmd Ar command
|
||||
The command the user is allowed or denied to run.
|
||||
The default is all commands.
|
||||
|
|
Loading…
Reference in a new issue