# doas
# Execute commands as another user

# Remove the folder of "/home/user" as user
# If the -u option is not specified, the command will be executed as root
doas -u user ls /home/user

# Show the contents of "/etc/shadow" as root
doas cat /etc/shadow

# Execute the shell defined in $SHELL as root
doas -s

# Permission to execute commands as another user can be given in the config file "/etc/doas.conf"
# The following line grants permission for every user in the wheel group to execute commands as root
# The option "persist" makes doas only ask for the password once in each shell session
# The colon specifies that "wheel" is a group, not a user
# And the option "keepenv" keeps the current environment variables
permit persist keepenv :wheel

# The following line in the config file rejects permission for "user" to run commands as anon
deny user as anon

# The following line in the config file allows "user" to execute only "shutdown" as root, without asking for a password
permit nopass user cmd shutdown