VISUDO(1m) System Manager's Manual VISUDO(1m)
N�NA�AM�ME�E
v�vi�is�su�ud�do�o - edit the sudoers file
S�SY�YN�NO�OP�PS�SI�IS�S
v�vi�is�su�ud�do�o [-�-c�ch�hq�qs�sV�V] [-�-f�f _�s_�u_�d_�o_�e_�r_�s]
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
v�vi�is�su�ud�do�o edits the _�s_�u_�d_�o_�e_�r_�s file in a safe fashion, analogous to vipw(1m).
v�vi�is�su�ud�do�o locks the _�s_�u_�d_�o_�e_�r_�s file against multiple simultaneous edits,
provides basic sanity checks, and checks for parse errors. If the
_�s_�u_�d_�o_�e_�r_�s file is currently being edited you will receive a message to try
again later.
There is a hard-coded list of one or more editors that v�vi�is�su�ud�do�o will use
set at compile-time that may be overridden via the _�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s Default
variable. This list defaults to vi. Normally, v�vi�is�su�ud�do�o does not honor the
VISUAL or EDITOR environment variables unless they contain an editor in
the aforementioned editors list. However, if v�vi�is�su�ud�do�o is configured with
the --with-env-editor option or the _�e_�n_�v_�__�e_�d_�i_�t_�o_�r Default variable is set in
_�s_�u_�d_�o_�e_�r_�s, v�vi�is�su�ud�do�o will use any the editor defines by VISUAL or EDITOR.
Note that this can be a security hole since it allows the user to execute
any program they wish simply by setting VISUAL or EDITOR.
v�vi�is�su�ud�do�o parses the _�s_�u_�d_�o_�e_�r_�s file after the edit and will not save the
changes if there is a syntax error. Upon finding an error, v�vi�is�su�ud�do�o will
print a message stating the line number(s) where the error occurred and
the user will receive the ``What now?'' prompt. At this point the user
may enter `e' to re-edit the _�s_�u_�d_�o_�e_�r_�s file, `x' to exit without saving the
changes, or `Q' to quit and save changes. The `Q' option should be used
with extreme care because if v�vi�is�su�ud�do�o believes there to be a parse error,
so will s�su�ud�do�o and no one will be able to s�su�ud�do�o again until the error is
fixed. If `e' is typed to edit the _�s_�u_�d_�o_�e_�r_�s file after a parse error has
been detected, the cursor will be placed on the line where the error
occurred (if the editor supports this feature).
The options are as follows:
-�-c�c Enable _�c_�h_�e_�c_�k_�-_�o_�n_�l_�y mode. The existing _�s_�u_�d_�o_�e_�r_�s file will be
checked for syntax errors, owner and mode. A message will be
printed to the standard output describing the status of
_�s_�u_�d_�o_�e_�r_�s unless the -�-q�q option was specified. If the check
completes successfully, v�vi�is�su�ud�do�o will exit with a value of 0.
If an error is encountered, v�vi�is�su�ud�do�o will exit with a value of
1.
-�-f�f _�s_�u_�d_�o_�e_�r_�s Specify and alternate _�s_�u_�d_�o_�e_�r_�s file location. With this
option v�vi�is�su�ud�do�o will edit (or check) the _�s_�u_�d_�o_�e_�r_�s file of your
choice, instead of the default, _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s. The lock file
used is the specified _�s_�u_�d_�o_�e_�r_�s file with ``.tmp'' appended to
it. In _�c_�h_�e_�c_�k_�-_�o_�n_�l_�y mode only, the argument to -�-f�f may be `-',
indicating that _�s_�u_�d_�o_�e_�r_�s will be read from the standard input.
-�-h�h The -�-h�h (_�h_�e_�l_�p) option causes v�vi�is�su�ud�do�o to print a short help
message to the standard output and exit.
-�-q�q Enable _�q_�u_�i_�e_�t mode. In this mode details about syntax errors
are not printed. This option is only useful when combined
with the -�-c�c option.
-�-s�s Enable _�s_�t_�r_�i_�c_�t checking of the _�s_�u_�d_�o_�e_�r_�s file. If an alias is
used before it is defined, v�vi�is�su�ud�do�o will consider this a parse
error. Note that it is not possible to differentiate between
an alias and a host name or user name that consists solely of
uppercase letters, digits, and the underscore (`_')
character.
-�-V�V The -�-V�V (_�v_�e_�r_�s_�i_�o_�n) option causes v�vi�is�su�ud�do�o to print its version
number and exit.
E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T
The following environment variables may be consulted depending on the
value of the _�e_�d_�i_�t_�o_�r and _�e_�n_�v_�__�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s settings:
VISUAL Invoked by v�vi�is�su�ud�do�o as the editor to use
EDITOR Used by v�vi�is�su�ud�do�o if VISUAL is not set
F�FI�IL�LE�ES�S
_�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s List of who can run what
_�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s_�._�t_�m_�p Lock file for visudo
D�DI�IA�AG�GN�NO�OS�ST�TI�IC�CS�S
sudoers file busy, try again later.
Someone else is currently editing the _�s_�u_�d_�o_�e_�r_�s file.
/etc/sudoers.tmp: Permission denied
You didn't run v�vi�is�su�ud�do�o as root.
Can't find you in the passwd database
Your user ID does not appear in the system passwd file.
Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
Either you are trying to use an undeclared
{User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
that consists solely of uppercase letters, digits, and the
underscore (`_') character. In the latter case, you can ignore the
warnings (s�su�ud�do�o will not complain). In -�-s�s (strict) mode these are
errors, not warnings.
Warning: unused {User,Runas,Host,Cmnd}_Alias
The specified {User,Runas,Host,Cmnd}_Alias was defined but never
used. You may wish to comment out or remove the unused alias. In
-�-s�s (strict) mode this is an error, not a warning.
Warning: cycle in {User,Runas,Host,Cmnd}_Alias
The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
itself, either directly or through an alias it includes. This is
only a warning by default as s�su�ud�do�o will ignore cycles when parsing
the _�s_�u_�d_�o_�e_�r_�s file.
S�SE�EE�E A�AL�LS�SO�O
vi(1), sudoers(4), sudo(1m), vipw(1m)
A�AU�UT�TH�HO�OR�RS�S
Many people have worked on s�su�ud�do�o over the years; this version consists of
code written primarily by:
Todd C. Miller
See the CONTRIBUTORS file in the s�su�ud�do�o distribution
(http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
people who have contributed to s�su�ud�do�o.
C�CA�AV�VE�EA�AT�TS�S
There is no easy way to prevent a user from gaining a root shell if the
editor used by v�vi�is�su�ud�do�o allows shell escapes.
B�BU�UG�GS�S
If you feel you have found a bug in v�vi�is�su�ud�do�o, please submit a bug report at
http://www.sudo.ws/sudo/bugs/
S�SU�UP�PP�PO�OR�RT�T
Limited free support is available via the sudo-users mailing list, see
http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
archives.
D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
v�vi�is�su�ud�do�o is provided ``AS IS'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability
and fitness for a particular purpose are disclaimed. See the LICENSE
file distributed with s�su�ud�do�o or http://www.sudo.ws/sudo/license.html for
complete details.
Sudo 1.7.10 July 12, 2012 Sudo 1.7.10