4 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
8 visudo - edit the sudoers file
10 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
11 v
\bvi
\bis
\bsu
\bud
\bdo
\bo [ -
\b-c
\bc ] [ -
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs ] [ -
\b-q
\bq ] [ -
\b-s
\bs ] [ -
\b-V
\bV ]
13 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
14 v
\bvi
\bis
\bsu
\bud
\bdo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous
15 to vipw(1m). v
\bvi
\bis
\bsu
\bud
\bdo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multi
16 ple simultaneous edits, provides basic sanity checks, and
17 checks for parse errors. If the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently
18 being edited you will receive a message to try again
21 There is a hard-coded list of editors that v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use
22 set at compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br
23 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Default variable. This list defaults to the path
24 to _
\bv_
\bi(1) on your system, as determined by the _
\bc_
\bo_
\bn_
\bf_
\bi_
\bg_
\bu_
\br_
\be
25 script. Normally, v
\bvi
\bis
\bsu
\bud
\bdo
\bo does not honor the VISUAL or
26 EDITOR environment variables unless they contain an editor
27 in the aforementioned editors list. However, if v
\bvi
\bis
\bsu
\bud
\bdo
\bo is
28 configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\be_
\bd_
\bi_
\bt_
\bo_
\br flag or the _
\be_
\bn_
\bv_
\be_
\bd_
\bi_
\bt_
\bo_
\br
29 Default variable is set in _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use any
30 the editor defines by VISUAL or EDITOR. Note that this
31 can be a security hole since it allows the user to execute
32 any program they wish simply by setting VISUAL or EDITOR.
34 v
\bvi
\bis
\bsu
\bud
\bdo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not
35 save the changes if there is a syntax error. Upon finding
36 an error, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will print a message stating the line
37 number(s) where the error occurred and the user will
38 receive the "What now?" prompt. At this point the user
39 may enter "e" to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, "x" to exit
40 without saving the changes, or "Q" to quit and save
41 changes. The "Q" option should be used with extreme care
42 because if v
\bvi
\bis
\bsu
\bud
\bdo
\bo believes there to be a parse error, so
43 will s
\bsu
\bud
\bdo
\bo and no one will be able to s
\bsu
\bud
\bdo
\bo again until the
44 error is fixed. If "e" is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file
45 after a parse error has been detected, the cursor will be
46 placed on the line where the error occurred (if the editor
47 supports this feature).
49 O
\bOP
\bPT
\bTI
\bIO
\bON
\bNS
\bS
50 v
\bvi
\bis
\bsu
\bud
\bdo
\bo accepts the following command line options:
52 -c Enable c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file
53 will be checked for syntax and a message will be
54 printed to the standard output detailing the status of
55 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. If the syntax check completes successfully,
56 v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with a value of 0. If a syntax error
57 is encountered, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with a value of 1.
59 -f Specify and alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With
60 this option v
\bvi
\bis
\bsu
\bud
\bdo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs
64 1.6.8p5 November 26, 2004 1
70 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
73 file of your choice, instead of the default,
74 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. The lock file used is the specified
75 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ".tmp" appended to it.
77 -q Enable q
\bqu
\bui
\bie
\bet
\bt mode. In this mode details about syntax
78 errors are not printed. This option is only useful
79 when combined with the -
\b-c
\bc flag.
81 -s Enable s
\bst
\btr
\bri
\bic
\bct
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an
82 alias is used before it is defined, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will con
83 sider this a parse error. Note that it is not possi
84 ble to differentiate between an alias and a hostname
85 or username that consists solely of uppercase letters,
86 digits, and the underscore ('_') character.
88 -V The -
\b-V
\bV (version) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print its
89 version number and exit.
91 E
\bEN
\bNV
\bVI
\bIR
\bRO
\bON
\bNM
\bME
\bEN
\bNT
\bT
92 The following environment variables are used only if
93 v
\bvi
\bis
\bsu
\bud
\bdo
\bo was configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\b-_
\be_
\bd_
\bi_
\bt_
\bo_
\br option:
95 VISUAL Invoked by visudo as the editor to use
96 EDITOR Used by visudo if VISUAL is not set
99 /etc/sudoers List of who can run what
100 /etc/sudoers.tmp Lock file for visudo
102 D
\bDI
\bIA
\bAG
\bGN
\bNO
\bOS
\bST
\bTI
\bIC
\bCS
\bS
103 sudoers file busy, try again later.
104 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
106 /etc/sudoers.tmp: Permission denied
107 You didn't run v
\bvi
\bis
\bsu
\bud
\bdo
\bo as root.
109 Can't find you in the passwd database
110 Your userid does not appear in the system passwd file.
112 Warning: undeclared Alias referenced near ...
113 Either you are using a {User,Runas,Host,Cmnd}_Alias
114 before defining it or you have a user or hostname
115 listed that consists solely of uppercase letters, dig
116 its, and the underscore ('_') character. If the lat
117 ter, you can ignore the warnings (s
\bsu
\bud
\bdo
\bo will not com
118 plain). In -
\b-s
\bs (strict) mode these are errors, not
121 Warning: runas_default set after old value is in use ...
122 You have a _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bd_
\be_
\bf_
\ba_
\bu_
\bl_
\bt Defaults setting listed in
123 the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after its value has already been
124 used. This means that entries prior to the
125 _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bd_
\be_
\bf_
\ba_
\bu_
\bl_
\bt setting will match based on the default
126 value of _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bd_
\be_
\bf_
\ba_
\bu_
\bl_
\bt (root) whereas entries a
\baf
\bft
\bte
\ber
\br
130 1.6.8p5 November 26, 2004 2
136 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
139 the _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bd_
\be_
\bf_
\ba_
\bu_
\bl_
\bt setting will match based on the new
140 value. This is usually unintentional and in most
141 cases the <runas_default> setting should be placed
142 before any Runas_Alias or User specifications. In -
\b-s
\bs
143 (strict) mode this is an error, not a warning.
145 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
146 _
\bv_
\bi(1), sudoers(4), sudo(1m), vipw(1m)
148 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bR
149 Many people have worked on _
\bs_
\bu_
\bd_
\bo over the years; this ver
150 sion of v
\bvi
\bis
\bsu
\bud
\bdo
\bo was written by:
154 See the HISTORY file in the sudo distribution or visit
155 http://www.sudo.ws/sudo/history.html for more details.
157 C
\bCA
\bAV
\bVE
\bEA
\bAT
\bTS
\bS
158 There is no easy way to prevent a user from gaining a root
159 shell if the editor used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo allows shell escapes.
162 If you feel you have found a bug in v
\bvi
\bis
\bsu
\bud
\bdo
\bo, please submit
163 a bug report at http://www.sudo.ws/sudo/bugs/
165 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
166 Commercial support is available for s
\bsu
\bud
\bdo
\bo, see
167 http://www.sudo.ws/sudo/support.html for details.
169 Limited free support is available via the sudo-users mail
170 ing list, see http://www.sudo.ws/mail
171 man/listinfo/sudo-users to subscribe or search the
174 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
175 V
\bVi
\bis
\bsu
\bud
\bdo
\bo is provided ``AS IS'' and any express or implied
176 warranties, including, but not limited to, the implied
177 warranties of merchantability and fitness for a particular
178 purpose are disclaimed. See the LICENSE file distributed
179 with s
\bsu
\bud
\bdo
\bo or http://www.sudo.ws/sudo/license.html for com
196 1.6.8p5 November 26, 2004 3