visudo
—
visudo [-chqsV] [-f sudoers]

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.

visudo uses a hard-coded list of one or more editors, set at compile time, that may be overridden via the editor sudoers Default variable. This list defaults to vi. Normally, visudo does not honor the VISUAL or EDITOR environment variables unless they contain an editor in the aforementioned editors list. However, if visudo is configured with the --with-env-editor option or the env_editor Default variable is set in sudoers, visudo will use any editor defined by VISUAL or EDITOR. Note that this can be a security hole since it allows the user to execute any program they wish simply by setting VISUAL or EDITOR.

visudo parses the sudoers file after the edit and will not save the changes if there is a syntax error. Upon finding an error, visudo will print a message stating the line number(s) where the error occurred and the user will receive the “What now?” prompt. At this point the user may enter ‘e’ to re-edit the sudoers file, ‘x’ to exit without saving the changes, or ‘Q’ to quit and save changes. The ‘Q’ option should be used with extreme care because if visudo believes there to be a parse error, so will sudo and no one will be able to sudo again until the error is fixed. If ‘e’ is typed to edit the sudoers file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature).

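Because a sudoers file with a parse error blocks all use of sudo, scripted changes are safer when checked before they go live. The following added example (not part of the visudo manual or the sudo distribution) stages a candidate file, checks it with the -c, -q and -f options described below, and renames it into place only when visudo exits with 0. The function name, the VISUDO and SUDOERS_STRICT variables and the temp-file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate a sudoers change on visudo's check-only mode.
# Assumed names (not from the manual): install_sudoers_fragment,
# VISUDO, SUDOERS_STRICT, and the ".sudoers-check.XXXXXX" temp name.

install_sudoers_fragment() {
    src=$1
    dest=$2
    dest_dir=$(dirname "$dest")

    # Stage the candidate beside the destination so the final mv is a
    # rename on the same filesystem and never a partial write.
    tmp=$(mktemp "$dest_dir/.sudoers-check.XXXXXX") || return 1
    if ! cat "$src" > "$tmp" || ! chmod 0440 "$tmp"; then
        rm -f "$tmp"
        return 1
    fi

    # -c: check only; -q: suppress details; -f: the file to check.
    # -s (strict) is opt-in: it turns alias warnings into errors, and an
    # alias cannot be told apart from an all-uppercase host or user name.
    set -- -c -q
    if [ "${SUDOERS_STRICT:-0}" = 1 ]; then
        set -- "$@" -s
    fi

    # Exit status 0: the check passed. Exit status 1: an error was found.
    if "${VISUDO:-visudo}" "$@" -f "$tmp"; then
        mv -f "$tmp" "$dest"
    else
        echo "rejected: $src failed the visudo check; $dest unchanged" >&2
        rm -f "$tmp"
        return 1
    fi
}
```

Run it as root, for example `install_sudoers_fragment ./candidate /etc/sudoers.d/example`, where both paths are placeholders.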
The options are as follows:
-c, --check
    -q option was specified. If the check completes successfully, visudo will exit with a value of 0. If an error is encountered, visudo will exit with a value of 1.
-f sudoers, --file=sudoers
    visudo will edit (or check) the sudoers file of your choice, instead of the default, /etc/sudoers. The lock file used is the specified sudoers file with “.tmp” appended to it. In check-only mode only, the argument to -f may be ‘-’, indicating that sudoers will be read from the standard input.
-h, --help
-q, --quiet
    -c option.
-s, --strict
    visudo will consider this a parse error. Note that it is not possible to differentiate between an alias and a host name or user name that consists solely of uppercase letters, digits, and the underscore (‘_’) character.
-V, --version
    visudo and sudoers grammar versions and exit.

sudoers file busy, try again later.
/etc/sudoers.tmp: Permission denied
    visudo as root.
Can't find you in the passwd database
Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
    _’) character. In the latter case, you can ignore the warnings (sudo will not complain). In -s (strict) mode these are errors, not warnings.
Warning: unused {User,Runas,Host,Cmnd}_Alias
    -s (strict) mode this is an error, not a warning.
Warning: cycle in {User,Runas,Host,Cmnd}_Alias
    sudo will ignore cycles when parsing the sudoers file.

sudo over the years; this version consists of code written primarily by:
sudo distribution (https://www.sudo.ws/sudo/contributors.html) for an exhaustive list of people who have contributed to sudo.

visudo allows shell escapes.

visudo, please submit a bug report at https://www.sudo.ws/sudo/bugs/

visudo is provided “AS IS” and any express or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. See the LICENSE file distributed with sudo or https://www.sudo.ws/sudo/license.html for complete details.