1 VISUDO(1m) System Manager's Manual VISUDO(1m)
4 v
\bvi
\bis
\bsu
\bud
\bdo
\bo - edit the sudoers file
6 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
7 v
\bvi
\bis
\bsu
\bud
\bdo
\bo [-
\b-c
\bch
\bhq
\bqs
\bsV
\bV] [-
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs]
9 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
10 v
\bvi
\bis
\bsu
\bud
\bdo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous to vipw(1m).
11 v
\bvi
\bis
\bsu
\bud
\bdo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multiple simultaneous edits,
12 provides basic sanity checks, and checks for parse errors. If the
13 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently being edited you will receive a message to try
16 There is a hard-coded list of one or more editors that v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use
17 set at compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Default
18 variable. This list defaults to vi. Normally, v
\bvi
\bis
\bsu
\bud
\bdo
\bo does not honor the
19 VISUAL or EDITOR environment variables unless they contain an editor in
20 the aforementioned editors list. However, if v
\bvi
\bis
\bsu
\bud
\bdo
\bo is configured with
21 the --with-env-editor option or the _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br Default variable is set in
22 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use any the editor defines by VISUAL or EDITOR.
23 Note that this can be a security hole since it allows the user to execute
24 any program they wish simply by setting VISUAL or EDITOR.
26 v
\bvi
\bis
\bsu
\bud
\bdo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not save the
27 changes if there is a syntax error. Upon finding an error, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will
28 print a message stating the line number(s) where the error occurred and
29 the user will receive the ``What now?'' prompt. At this point the user
30 may enter `e' to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, `x' to exit without saving the
31 changes, or `Q' to quit and save changes. The `Q' option should be used
32 with extreme care because if v
\bvi
\bis
\bsu
\bud
\bdo
\bo believes there to be a parse error,
33 so will s
\bsu
\bud
\bdo
\bo and no one will be able to s
\bsu
\bud
\bdo
\bo again until the error is
34 fixed. If `e' is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after a parse error has
35 been detected, the cursor will be placed on the line where the error
36 occurred (if the editor supports this feature).
38 The options are as follows:
40 -
\b-c
\bc Enable _
\bc_
\bh_
\be_
\bc_
\bk_
\b-_
\bo_
\bn_
\bl_
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file will be
41 checked for syntax errors, owner and mode. A message will be
42 printed to the standard output describing the status of
43 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs unless the -
\b-q
\bq option was specified. If the check
44 completes successfully, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with a value of 0.
45 If an error is encountered, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with a value of
48 -
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Specify an alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With this option
49 v
\bvi
\bis
\bsu
\bud
\bdo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file of your choice,
50 instead of the default, _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. The lock file used is
51 the specified _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ``.tmp'' appended to it. In
52 _
\bc_
\bh_
\be_
\bc_
\bk_
\b-_
\bo_
\bn_
\bl_
\by mode only, the argument to -
\b-f
\bf may be `-',
53 indicating that _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs will be read from the standard input.
55 -
\b-h
\bh The -
\b-h
\bh (_
\bh_
\be_
\bl_
\bp) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print a short help
56 message to the standard output and exit.
58 -
\b-q
\bq Enable _
\bq_
\bu_
\bi_
\be_
\bt mode. In this mode details about syntax errors
59 are not printed. This option is only useful when combined
60 with the -
\b-c
\bc option.
62 -
\b-s
\bs Enable _
\bs_
\bt_
\br_
\bi_
\bc_
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an alias is
63 used before it is defined, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will consider this a parse
64 error. Note that it is not possible to differentiate between
65 an alias and a host name or user name that consists solely of
66 uppercase letters, digits, and the underscore (`_')
69 -
\b-V
\bV The -
\b-V
\bV (_
\bv_
\be_
\br_
\bs_
\bi_
\bo_
\bn) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print its version
72 E
\bEN
\bNV
\bVI
\bIR
\bRO
\bON
\bNM
\bME
\bEN
\bNT
\bT
73 The following environment variables may be consulted depending on the
74 value of the _
\be_
\bd_
\bi_
\bt_
\bo_
\br and _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs settings:
76 VISUAL Invoked by v
\bvi
\bis
\bsu
\bud
\bdo
\bo as the editor to use
78 EDITOR Used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo if VISUAL is not set
81 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs List of who can run what
83 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs_
\b._
\bt_
\bm_
\bp Lock file for visudo
85 D
\bDI
\bIA
\bAG
\bGN
\bNO
\bOS
\bST
\bTI
\bIC
\bCS
\bS
86 sudoers file busy, try again later.
87 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
89 /etc/sudoers.tmp: Permission denied
90 You didn't run v
\bvi
\bis
\bsu
\bud
\bdo
\bo as root.
92 Can't find you in the passwd database
93 Your user ID does not appear in the system passwd file.
95 Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
96 Either you are trying to use an undeclared
97 {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
98 that consists solely of uppercase letters, digits, and the
99 underscore (`_') character. In the latter case, you can ignore the
100 warnings (s
\bsu
\bud
\bdo
\bo will not complain). In -
\b-s
\bs (strict) mode these are
101 errors, not warnings.
103 Warning: unused {User,Runas,Host,Cmnd}_Alias
104 The specified {User,Runas,Host,Cmnd}_Alias was defined but never
105 used. You may wish to comment out or remove the unused alias. In
106 -
\b-s
\bs (strict) mode this is an error, not a warning.
108 Warning: cycle in {User,Runas,Host,Cmnd}_Alias
109 The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
110 itself, either directly or through an alias it includes. This is
111 only a warning by default as s
\bsu
\bud
\bdo
\bo will ignore cycles when parsing
112 the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
114 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
115 vi(1), sudoers(4), sudo(1m), vipw(1m)
117 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bRS
\bS
118 Many people have worked on s
\bsu
\bud
\bdo
\bo over the years; this version consists of
119 code written primarily by:
123 See the CONTRIBUTORS file in the s
\bsu
\bud
\bdo
\bo distribution
124 (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
125 people who have contributed to s
\bsu
\bud
\bdo
\bo.
127 C
\bCA
\bAV
\bVE
\bEA
\bAT
\bTS
\bS
128 There is no easy way to prevent a user from gaining a root shell if the
129 editor used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo allows shell escapes.
132 If you feel you have found a bug in v
\bvi
\bis
\bsu
\bud
\bdo
\bo, please submit a bug report at
133 http://www.sudo.ws/sudo/bugs/
135 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
136 Limited free support is available via the sudo-users mailing list, see
137 http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
140 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
141 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is provided ``AS IS'' and any express or implied warranties,
142 including, but not limited to, the implied warranties of merchantability
143 and fitness for a particular purpose are disclaimed. See the LICENSE
144 file distributed with s
\bsu
\bud
\bdo
\bo or http://www.sudo.ws/sudo/license.html for
147 Sudo 1.8.7 June 12, 2013 Sudo 1.8.7