1 files changed, 43 insertions, 0 deletions

diff --git a/doas.conf b/doas.conf
new file mode 100644
index 000000000000..818e1040aff0
--- /dev/null
+++ b/doas.conf
@@ -0,0 +1,43 @@
+## Sample configuration file for doas
+## Please see doas.conf manual page for information on setting
+## up a doas.conf file.
+##
+## This file should be edited using `vidoas` to prevent syntax errors
+##
+## doas.conf is read from top to bottom, and the last matching rule
+## will be used
+
+## This file defines which users should (not) be allowed to use doas
+
+## Allow root user to use doas:
+permit root
+## alternatively: permit 0
+
+## Allow members of the wheel group to use doas (note the colon):
+# permit :wheel
+
+## Deny user malloy to use doas:
+# deny malloy
+
+## Allow alice to 'doas' bob:
+# permit alice as bob
+
+## Deny Bob to run pacman:
+# deny bob cmd pacman
+
+# Allow Bob to update packages using pacman
+# allow bob cmd /usr/bin/pacman -Syu
+
+## If a command without path is specified,
+## the command will be searched in
+## usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+## (not PATH).
+
+## Allow Bob to update packages without entering his pasword:
+# allow nopass bob cmd /usr/bin/pacman -Syu
+
+## Maintain the user's environment:
+# allow keepenv alice
+## Variables may also be set using setenv { \
+##     PKG_CACHE RELEASE_DIR=/var/local/ \
+## }