doas:tldr:a4ffe

The command "doas -L" is used to list the permissions and capabilities associated with the doas (do as) utility. Doas is a simplified alternative to the sudo command found in some Unix-like operating systems, such as OpenBSD.

When you run "doas -L" in the terminal, it displays the contents of the doas.conf file, which contains a list of rules and permissions for executing commands with elevated privileges. These rules define which users are allowed to run specific commands, what commands they can run, and any additional flags or options they can use.

The output of "doas -L" typically includes information such as user aliases, command aliases, and the associated permissions for each alias. It provides a clear overview of what users are permitted to do by using doas.

For example, the output may look like:

# Configuration for the doas command
# User aliases
user1 = (root) NOPASSWD: /usr/sbin/reboot
user2 = (admin) NOPASSWD: /usr/bin/apt-get update
user3 = (operator) /usr/bin/start-stop-daemon --start

# Command aliases
Cmnd_Alias SHUTDOWN = /sbin/poweroff, /sbin/reboot
Cmnd_Alias NETWORK = /sbin/ifconfig, /sbin/ifup, /sbin/ifdown

# Permissions
user1: SHUTDOWN
user2: NETWORK
user3: ALL

In this example, user1 is allowed to run the /usr/sbin/reboot command as root without providing a password. user2 can run the /usr/bin/apt-get update command as the admin user without a password. user3 is allowed to run the /usr/bin/start-stop-daemon --start command as the operator user. The command aliases SHUTDOWN and NETWORK define groups of commands that are allowed for specific users.

By reviewing the output of "doas -L," users can understand their elevated privileges and the commands they are allowed to run with the doas utility.