VISUDO(1m)                   System Manager's Manual                  VISUDO(1m)

NNAAMMEE
     vviissuuddoo - edit the sudoers file

SSYYNNOOPPSSIISS
     vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s]

DDEESSCCRRIIPPTTIIOONN
     vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to vipw(1m).
     vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits,
     provides basic sanity checks, and checks for parse errors.  If the
     _s_u_d_o_e_r_s file is currently being edited you will receive a message to try
     again later.

     There is a hard-coded list of one or more editors that vviissuuddoo will use
     set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default
     variable.  This list defaults to vi.  Normally, vviissuuddoo does not honor the
     VISUAL or EDITOR environment variables unless they contain an editor in
     the aforementioned editors list.  However, if vviissuuddoo is configured with
     the --with-env-editor option or the _e_n_v___e_d_i_t_o_r Default variable is set in
     _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by VISUAL or EDITOR.
     Note that this can be a security hole since it allows the user to execute
     any program they wish simply by setting VISUAL or EDITOR.

     vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the
     changes if there is a syntax error.  Upon finding an error, vviissuuddoo will
     print a message stating the line number(s) where the error occurred and
     the user will receive the ``What now?''  prompt.  At this point the user
     may enter `e' to re-edit the _s_u_d_o_e_r_s file, `x' to exit without saving the
     changes, or `Q' to quit and save changes.  The `Q' option should be used
     with extreme care because if vviissuuddoo believes there to be a parse error,
     so will ssuuddoo and no one will be able to ssuuddoo again until the error is
     fixed.  If `e' is typed to edit the _s_u_d_o_e_r_s file after a parse error has
     been detected, the cursor will be placed on the line where the error
     occurred (if the editor supports this feature).

     The options are as follows:

     --cc          Enable _c_h_e_c_k_-_o_n_l_y mode.  The existing _s_u_d_o_e_r_s file will be
                 checked for syntax errors, owner and mode.  A message will be
                 printed to the standard output describing the status of
                 _s_u_d_o_e_r_s unless the --qq option was specified.  If the check
                 completes successfully, vviissuuddoo will exit with a value of 0.
                 If an error is encountered, vviissuuddoo will exit with a value of
                 1.

     --ff _s_u_d_o_e_r_s  Specify and alternate _s_u_d_o_e_r_s file location.  With this
                 option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your
                 choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s.  The lock file
                 used is the specified _s_u_d_o_e_r_s file with ``.tmp'' appended to
                 it.  In _c_h_e_c_k_-_o_n_l_y mode only, the argument to --ff may be `-',
                 indicating that _s_u_d_o_e_r_s will be read from the standard input.

     --hh          The --hh (_h_e_l_p) option causes vviissuuddoo to print a short help
                 message to the standard output and exit.

     --qq          Enable _q_u_i_e_t mode.  In this mode details about syntax errors
                 are not printed.  This option is only useful when combined
                 with the --cc option.

     --ss          Enable _s_t_r_i_c_t checking of the _s_u_d_o_e_r_s file.  If an alias is
                 used before it is defined, vviissuuddoo will consider this a parse
                 error.  Note that it is not possible to differentiate between
                 an alias and a host name or user name that consists solely of
                 uppercase letters, digits, and the underscore (`_')
                 character.

     --VV          The --VV (_v_e_r_s_i_o_n) option causes vviissuuddoo to print its version
                 number and exit.

EENNVVIIRROONNMMEENNTT
     The following environment variables may be consulted depending on the
     value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s settings:

     VISUAL           Invoked by vviissuuddoo as the editor to use

     EDITOR           Used by vviissuuddoo if VISUAL is not set

FFIILLEESS
     _/_e_t_c_/_s_u_d_o_e_r_s              List of who can run what

     _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p          Lock file for visudo

DDIIAAGGNNOOSSTTIICCSS
     sudoers file busy, try again later.
           Someone else is currently editing the _s_u_d_o_e_r_s file.

     /etc/sudoers.tmp: Permission denied
           You didn't run vviissuuddoo as root.

     Can't find you in the passwd database
           Your user ID does not appear in the system passwd file.

     Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
           Either you are trying to use an undeclared
           {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
           that consists solely of uppercase letters, digits, and the
           underscore (`_') character.  In the latter case, you can ignore the
           warnings (ssuuddoo will not complain).  In --ss (strict) mode these are
           errors, not warnings.

     Warning: unused {User,Runas,Host,Cmnd}_Alias
           The specified {User,Runas,Host,Cmnd}_Alias was defined but never
           used.  You may wish to comment out or remove the unused alias.  In
           --ss (strict) mode this is an error, not a warning.

     Warning: cycle in {User,Runas,Host,Cmnd}_Alias
           The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
           itself, either directly or through an alias it includes.  This is
           only a warning by default as ssuuddoo will ignore cycles when parsing
           the _s_u_d_o_e_r_s file.

SSEEEE AALLSSOO
     vi(1), sudoers(4), sudo(1m), vipw(1m)

AAUUTTHHOORRSS
     Many people have worked on ssuuddoo over the years; this version consists of
     code written primarily by:

           Todd C. Miller

     See the CONTRIBUTORS file in the ssuuddoo distribution
     (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
     people who have contributed to ssuuddoo.

CCAAVVEEAATTSS
     There is no easy way to prevent a user from gaining a root shell if the
     editor used by vviissuuddoo allows shell escapes.

BBUUGGSS
     If you feel you have found a bug in vviissuuddoo, please submit a bug report at
     http://www.sudo.ws/sudo/bugs/

SSUUPPPPOORRTT
     Limited free support is available via the sudo-users mailing list, see
     http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
     archives.

DDIISSCCLLAAIIMMEERR
     vviissuuddoo is provided ``AS IS'' and any express or implied warranties,
     including, but not limited to, the implied warranties of merchantability
     and fitness for a particular purpose are disclaimed.  See the LICENSE
     file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for
     complete details.

Sudo 1.7.10                      July 12, 2012                     Sudo 1.7.10