I was following the doas.conf example in <https://man.openbsd.org/OpenBSD-6.0/man5/doas.conf.5>
Specially I added the below: permit nopass setenv { \ FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \ DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \ MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \ PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \ SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc Above these I have my regular conf of: permit :wheel permit persist keepenv root permit persist keepenv jjf as root permit nopass jjf cmd reboot I find that with that I can run the below commands without being prompted for a password from doas. Is that expected from the above settings? The description implies that this is helpful for building ports. $ doas su root $ doas sysupgrade $ doas pkg_add -u Without the example settings I am prompted for a password for the above commands. I am on: kern.version=OpenBSD 7.2-current (GENERIC.MP) #1005: Sun Jan 29 21:01:12 MST 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP