1 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
6 visudo - edit the sudoers file
8 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
9 v
\bvi
\bis
\bsu
\bud
\bdo
\bo [-
\b-c
\bch
\bhq
\bqs
\bsV
\bV] [-
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs]
11 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
12 v
\bvi
\bis
\bsu
\bud
\bdo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous to _
\bv_
\bi_
\bp_
\bw(1m).
13 v
\bvi
\bis
\bsu
\bud
\bdo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multiple simultaneous edits,
14 provides basic sanity checks, and checks for parse errors. If the
15 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently being edited you will receive a message to
18 There is a hard-coded list of one or more editors that v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use
19 set at compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs
20 Default variable. This list defaults to "vi". Normally, v
\bvi
\bis
\bsu
\bud
\bdo
\bo does
21 not honor the VISUAL or EDITOR environment variables unless they
22 contain an editor in the aforementioned editors list. However, if
23 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\b-_
\be_
\bd_
\bi_
\bt_
\bo_
\br option or the
24 _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br Default variable is set in _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use any the
25 editor defines by VISUAL or EDITOR. Note that this can be a security
26 hole since it allows the user to execute any program they wish simply
27 by setting VISUAL or EDITOR.
29 v
\bvi
\bis
\bsu
\bud
\bdo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not save the
30 changes if there is a syntax error. Upon finding an error, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will
31 print a message stating the line number(s) where the error occurred and
32 the user will receive the "What now?" prompt. At this point the user
33 may enter "e" to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, "x" to exit without saving
34 the changes, or "Q" to quit and save changes. The "Q" option should be
35 used with extreme care because if v
\bvi
\bis
\bsu
\bud
\bdo
\bo believes there to be a parse
36 error, so will s
\bsu
\bud
\bdo
\bo and no one will be able to s
\bsu
\bud
\bdo
\bo again until the
37 error is fixed. If "e" is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after a
38 parse error has been detected, the cursor will be placed on the line
39 where the error occurred (if the editor supports this feature).
41 O
\bOP
\bPT
\bTI
\bIO
\bON
\bNS
\bS
42 v
\bvi
\bis
\bsu
\bud
\bdo
\bo accepts the following command line options:
44 -c Enable c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file will be
45 checked for syntax errors, owner and mode. A message will
46 be printed to the standard output describing the status of
47 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs unless the -
\b-q
\bq option was specified. If the check
48 completes successfully, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with a value of 0.
49 If an error is encountered, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with a value
52 -f _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Specify and alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With this
53 option v
\bvi
\bis
\bsu
\bud
\bdo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file of your
54 choice, instead of the default, _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. The lock
55 file used is the specified _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ".tmp"
56 appended to it. In c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode only, the argument to
57 -
\b-f
\bf may be "-", indicating that _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs will be read from
60 -h The -
\b-h
\bh (_
\bh_
\be_
\bl_
\bp) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print a short help
61 message to the standard output and exit.
63 -q Enable q
\bqu
\bui
\bie
\bet
\bt mode. In this mode details about syntax
64 errors are not printed. This option is only useful when
65 combined with the -
\b-c
\bc option.
67 -s Enable s
\bst
\btr
\bri
\bic
\bct
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an alias is
68 used before it is defined, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will consider this a
69 parse error. Note that it is not possible to differentiate
70 between an alias and a host name or user name that consists
71 solely of uppercase letters, digits, and the underscore
74 -V The -
\b-V
\bV (version) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print its version
77 E
\bEN
\bNV
\bVI
\bIR
\bRO
\bON
\bNM
\bME
\bEN
\bNT
\bT
78 The following environment variables may be consulted depending on the
79 value of the _
\be_
\bd_
\bi_
\bt_
\bo_
\br and _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs variables:
81 VISUAL Invoked by visudo as the editor to use
83 EDITOR Used by visudo if VISUAL is not set
86 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs List of who can run what
88 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs_
\b._
\bt_
\bm_
\bp Lock file for visudo
90 D
\bDI
\bIA
\bAG
\bGN
\bNO
\bOS
\bST
\bTI
\bIC
\bCS
\bS
91 sudoers file busy, try again later.
92 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
94 /etc/sudoers.tmp: Permission denied
95 You didn't run v
\bvi
\bis
\bsu
\bud
\bdo
\bo as root.
97 Can't find you in the passwd database
98 Your userid does not appear in the system passwd file.
100 Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
101 Either you are trying to use an undeclare
102 {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
103 that consists solely of uppercase letters, digits, and the
104 underscore ('_') character. In the latter case, you can ignore the
105 warnings (s
\bsu
\bud
\bdo
\bo will not complain). In -
\b-s
\bs (strict) mode these are
106 errors, not warnings.
108 Warning: unused {User,Runas,Host,Cmnd}_Alias
109 The specified {User,Runas,Host,Cmnd}_Alias was defined but never
110 used. You may wish to comment out or remove the unused alias. In
111 -
\b-s
\bs (strict) mode this is an error, not a warning.
113 Warning: cycle in {User,Runas,Host,Cmnd}_Alias
114 The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
115 itself, either directly or through an alias it includes. This is
116 only a warning by default as s
\bsu
\bud
\bdo
\bo will ignore cycles when parsing
117 the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
119 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
120 _
\bv_
\bi(1), _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs(4), _
\bs_
\bu_
\bd_
\bo(1m), _
\bv_
\bi_
\bp_
\bw(1m)
122 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bR
123 Many people have worked on s
\bsu
\bud
\bdo
\bo over the years; this version of v
\bvi
\bis
\bsu
\bud
\bdo
\bo
128 See the CONTRIBUTORS file in the s
\bsu
\bud
\bdo
\bo distribution
129 (http://www.sudo.ws/sudo/contributors.html) for a list of people who
130 have contributed to s
\bsu
\bud
\bdo
\bo.
132 C
\bCA
\bAV
\bVE
\bEA
\bAT
\bTS
\bS
133 There is no easy way to prevent a user from gaining a root shell if the
134 editor used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo allows shell escapes.
137 If you feel you have found a bug in v
\bvi
\bis
\bsu
\bud
\bdo
\bo, please submit a bug report
138 at http://www.sudo.ws/sudo/bugs/
140 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
141 Limited free support is available via the sudo-users mailing list, see
142 http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
145 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
146 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is provided ``AS IS'' and any express or implied warranties,
147 including, but not limited to, the implied warranties of
148 merchantability and fitness for a particular purpose are disclaimed.
149 See the LICENSE file distributed with s
\bsu
\bud
\bdo
\bo or
150 http://www.sudo.ws/sudo/license.html for complete details.
154 1.8.5 March 14, 2012 VISUDO(1m)