1 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
6 visudo - edit the sudoers file
8 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
9 v
\bvi
\bis
\bsu
\bud
\bdo
\bo [-
\b-c
\bch
\bhq
\bqs
\bsV
\bV] [-
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs]
11 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
12 v
\bvi
\bis
\bsu
\bud
\bdo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous to _
\bv_
\bi_
\bp_
\bw(1m).
13 v
\bvi
\bis
\bsu
\bud
\bdo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multiple simultaneous edits,
14 provides basic sanity checks, and checks for parse errors. If the
15 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently being edited you will receive a message to
18 There is a hard-coded list of one or more editors that v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use
19 set at compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs
20 Default variable. This list defaults to "vi". Normally, v
\bvi
\bis
\bsu
\bud
\bdo
\bo does
21 not honor the VISUAL or EDITOR environment variables unless they
22 contain an editor in the aforementioned editors list. However, if
23 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\b-_
\be_
\bd_
\bi_
\bt_
\bo_
\br option or the
24 _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br Default variable is set in _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use any the
25 editor defines by VISUAL or EDITOR. Note that this can be a security
26 hole since it allows the user to execute any program they wish simply
27 by setting VISUAL or EDITOR.
29 v
\bvi
\bis
\bsu
\bud
\bdo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not save the
30 changes if there is a syntax error. Upon finding an error, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will
31 print a message stating the line number(s) where the error occurred and
32 the user will receive the "What now?" prompt. At this point the user
33 may enter "e" to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, "x" to exit without saving
34 the changes, or "Q" to quit and save changes. The "Q" option should be
35 used with extreme care because if v
\bvi
\bis
\bsu
\bud
\bdo
\bo believes there to be a parse
36 error, so will s
\bsu
\bud
\bdo
\bo and no one will be able to s
\bsu
\bud
\bdo
\bo again until the
37 error is fixed. If "e" is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after a
38 parse error has been detected, the cursor will be placed on the line
39 where the error occurred (if the editor supports this feature).
41 O
\bOP
\bPT
\bTI
\bIO
\bON
\bNS
\bS
42 v
\bvi
\bis
\bsu
\bud
\bdo
\bo accepts the following command line options:
44 -c Enable c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file will be
45 checked for syntax and a message will be printed to the
46 standard output detailing the status of _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. If the
47 syntax check completes successfully, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with
48 a value of 0. If a syntax error is encountered, v
\bvi
\bis
\bsu
\bud
\bdo
\bo
49 will exit with a value of 1.
51 -f _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Specify and alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With this
52 option v
\bvi
\bis
\bsu
\bud
\bdo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file of your
53 choice, instead of the default, _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. The lock
54 file used is the specified _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ".tmp"
55 appended to it. In c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode only, the argument to
56 -
\b-f
\bf may be "-", indicating that _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs will be read from
59 -h The -
\b-h
\bh (_
\bh_
\be_
\bl_
\bp) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print a short help
60 message to the standard output and exit.
62 -q Enable q
\bqu
\bui
\bie
\bet
\bt mode. In this mode details about syntax
63 errors are not printed. This option is only useful when
64 combined with the -
\b-c
\bc option.
66 -s Enable s
\bst
\btr
\bri
\bic
\bct
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an alias is
67 used before it is defined, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will consider this a
68 parse error. Note that it is not possible to differentiate
69 between an alias and a host name or user name that consists
70 solely of uppercase letters, digits, and the underscore
73 -V The -
\b-V
\bV (version) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print its version
76 E
\bEN
\bNV
\bVI
\bIR
\bRO
\bON
\bNM
\bME
\bEN
\bNT
\bT
77 The following environment variables may be consulted depending on the
78 value of the _
\be_
\bd_
\bi_
\bt_
\bo_
\br and _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs variables:
80 VISUAL Invoked by visudo as the editor to use
82 EDITOR Used by visudo if VISUAL is not set
85 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs List of who can run what
87 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs_
\b._
\bt_
\bm_
\bp Lock file for visudo
89 D
\bDI
\bIA
\bAG
\bGN
\bNO
\bOS
\bST
\bTI
\bIC
\bCS
\bS
90 sudoers file busy, try again later.
91 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
93 /etc/sudoers.tmp: Permission denied
94 You didn't run v
\bvi
\bis
\bsu
\bud
\bdo
\bo as root.
96 Can't find you in the passwd database
97 Your userid does not appear in the system passwd file.
99 Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
100 Either you are trying to use an undeclare
101 {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
102 that consists solely of uppercase letters, digits, and the
103 underscore ('_') character. In the latter case, you can ignore the
104 warnings (s
\bsu
\bud
\bdo
\bo will not complain). In -
\b-s
\bs (strict) mode these are
105 errors, not warnings.
107 Warning: unused {User,Runas,Host,Cmnd}_Alias
108 The specified {User,Runas,Host,Cmnd}_Alias was defined but never
109 used. You may wish to comment out or remove the unused alias. In
110 -
\b-s
\bs (strict) mode this is an error, not a warning.
112 Warning: cycle in {User,Runas,Host,Cmnd}_Alias
113 The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
114 itself, either directly or through an alias it includes. This is
115 only a warning by default as s
\bsu
\bud
\bdo
\bo will ignore cycles when parsing
116 the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
118 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
119 _
\bv_
\bi(1), _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs(4), _
\bs_
\bu_
\bd_
\bo(1m), _
\bv_
\bi_
\bp_
\bw(1m)
121 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bR
122 Many people have worked on _
\bs_
\bu_
\bd_
\bo over the years; this version of v
\bvi
\bis
\bsu
\bud
\bdo
\bo
127 See the HISTORY file in the sudo distribution or visit
128 http://www.sudo.ws/sudo/history.html for more details.
130 C
\bCA
\bAV
\bVE
\bEA
\bAT
\bTS
\bS
131 There is no easy way to prevent a user from gaining a root shell if the
132 editor used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo allows shell escapes.
135 If you feel you have found a bug in v
\bvi
\bis
\bsu
\bud
\bdo
\bo, please submit a bug report
136 at http://www.sudo.ws/sudo/bugs/
138 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
139 Limited free support is available via the sudo-users mailing list, see
140 http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
143 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
144 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is provided ``AS IS'' and any express or implied warranties,
145 including, but not limited to, the implied warranties of
146 merchantability and fitness for a particular purpose are disclaimed.
147 See the LICENSE file distributed with s
\bsu
\bud
\bdo
\bo or
148 http://www.sudo.ws/sudo/license.html for complete details.
152 1.8.3 September 16, 2011 VISUDO(1m)