While DOAS_USER is not documented in doas(1) it is in the original OpenBSD man page (https://man.openbsd.org/doas) as:
I did some testing and it turns out FreeBSDs port also sets this environment variable. Not to the user running
also seem to suggest that the expected value of DOAS_USER is the calling users name not the resulting users.
My doas.conf file looks like this:
Using the account myuser to run
Edit: Using a group name in doas.conf instead of the username also does not change the behavior.
DOAS_USER is set to the name of the user executing doas.
I did some testing and it turns out FreeBSDs port also sets this environment variable. Not to the user running
doas
but to the user the command is being executed with though which is somewhat pointless in my opinion. Posts like View: https://old.reddit.com/r/voidlinux/comments/e7iu29/help_doas_specify_home_for_command/fa3gbjn/also seem to suggest that the expected value of DOAS_USER is the calling users name not the resulting users.
My doas.conf file looks like this:
permit nopass myuser as root cmd /usr/local/lib/some/script
Using the account myuser to run
doas /usr/local/lib/some/script
results in DOAS_USER having the value of root. Omitting as root in doas.conf or adding -u root to the doas
command does not change this behavior. Is this expected, am i missing something obvious here or is this a bug?Edit: Using a group name in doas.conf instead of the username also does not change the behavior.