4 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
8 visudo - edit the sudoers file
10 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
11 v
\bvi
\bis
\bsu
\bud
\bdo
\bo [-
\b-c
\bc] [-
\b-q
\bq] [-
\b-s
\bs] [-
\b-V
\bV] [-
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs]
13 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
14 v
\bvi
\bis
\bsu
\bud
\bdo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous
15 to _
\bv_
\bi_
\bp_
\bw(1m). v
\bvi
\bis
\bsu
\bud
\bdo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multi
16 ple simultaneous edits, provides basic sanity checks, and
17 checks for parse errors. If the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently
18 being edited you will receive a message to try again
21 There is a hard-coded list of editors that v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use
22 set at compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br
23 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Default variable. This list defaults to the path
24 to _
\bv_
\bi(1) on your system, as determined by the _
\bc_
\bo_
\bn_
\bf_
\bi_
\bg_
\bu_
\br_
\be
25 script. Normally, v
\bvi
\bis
\bsu
\bud
\bdo
\bo does not honor the VISUAL or
26 EDITOR environment variables unless they contain an editor
27 in the aforementioned editors list. However, if v
\bvi
\bis
\bsu
\bud
\bdo
\bo is
28 configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\be_
\bd_
\bi_
\bt_
\bo_
\br flag or the _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\b
29 _
\bt_
\bo_
\br Default variable is set in _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use
30 any the editor defines by VISUAL or EDITOR. Note that
31 this can be a security hole since it allows the user to
32 execute any program they wish simply by setting VISUAL or
35 v
\bvi
\bis
\bsu
\bud
\bdo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not
36 save the changes if there is a syntax error. Upon finding
37 an error, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will print a message stating the line
38 number(s) where the error occurred and the user will
39 receive the "What now?" prompt. At this point the user
40 may enter "e" to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, "x" to exit
41 without saving the changes, or "Q" to quit and save
42 changes. The "Q" option should be used with extreme care
43 because if v
\bvi
\bis
\bsu
\bud
\bdo
\bo believes there to be a parse error, so
44 will s
\bsu
\bud
\bdo
\bo and no one will be able to s
\bsu
\bud
\bdo
\bo again until the
45 error is fixed. If "e" is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file
46 after a parse error has been detected, the cursor will be
47 placed on the line where the error occurred (if the editor
48 supports this feature).
50 O
\bOP
\bPT
\bTI
\bIO
\bON
\bNS
\bS
51 v
\bvi
\bis
\bsu
\bud
\bdo
\bo accepts the following command line options:
53 -c Enable c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file
54 will be checked for syntax and a message will be
55 printed to the standard output detailing the status of
56 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. If the syntax check completes successfully,
57 v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with a value of 0. If a syntax error
58 is encountered, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with a value of 1.
60 -f Specify and alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With
64 1.6.9p11 January 5, 2008 1
70 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
73 this option v
\bvi
\bis
\bsu
\bud
\bdo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs
74 file of your choice, instead of the default,
75 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. The lock file used is the specified
76 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ".tmp" appended to it.
78 -q Enable q
\bqu
\bui
\bie
\bet
\bt mode. In this mode details about syntax
79 errors are not printed. This option is only useful
80 when combined with the -
\b-c
\bc flag.
82 -s Enable s
\bst
\btr
\bri
\bic
\bct
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an
83 alias is used before it is defined, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will con
84 sider this a parse error. Note that it is not possi
85 ble to differentiate between an alias and a hostname
86 or username that consists solely of uppercase letters,
87 digits, and the underscore ('_') character.
89 -V The -
\b-V
\bV (version) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print its
90 version number and exit.
92 E
\bEN
\bNV
\bVI
\bIR
\bRO
\bON
\bNM
\bME
\bEN
\bNT
\bT
93 The following environment variables are used only if
94 v
\bvi
\bis
\bsu
\bud
\bdo
\bo was configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\b-_
\be_
\bd_
\bi_
\bt_
\bo_
\br option:
96 VISUAL Invoked by visudo as the editor to use
98 EDITOR Used by visudo if VISUAL is not set
101 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs List of who can run what
102 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs_
\b._
\bt_
\bm_
\bp Lock file for visudo
104 D
\bDI
\bIA
\bAG
\bGN
\bNO
\bOS
\bST
\bTI
\bIC
\bCS
\bS
105 sudoers file busy, try again later.
106 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
108 /etc/sudoers.tmp: Permission denied
109 You didn't run v
\bvi
\bis
\bsu
\bud
\bdo
\bo as root.
111 Can't find you in the passwd database
112 Your userid does not appear in the system passwd file.
114 Warning: undeclared Alias referenced near ...
115 Either you are using a {User,Runas,Host,Cmnd}_Alias
116 before defining it or you have a user or hostname
117 listed that consists solely of uppercase letters, dig
118 its, and the underscore ('_') character. If the lat
119 ter, you can ignore the warnings (s
\bsu
\bud
\bdo
\bo will not com
120 plain). In -
\b-s
\bs (strict) mode these are errors, not
123 Warning: runas_default set after old value is in use ...
124 You have a _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bd_
\be_
\bf_
\ba_
\bu_
\bl_
\bt Defaults setting listed in
125 the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after its value has already been
126 used. This means that entries prior to the
130 1.6.9p11 January 5, 2008 2
136 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
139 _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bd_
\be_
\bf_
\ba_
\bu_
\bl_
\bt setting will match based on the default
140 value of _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bd_
\be_
\bf_
\ba_
\bu_
\bl_
\bt (root) whereas entries a
\baf
\bft
\bte
\ber
\br
141 the _
\br_
\bu_
\bn_
\ba_
\bs_
\b__
\bd_
\be_
\bf_
\ba_
\bu_
\bl_
\bt setting will match based on the new
142 value. This is usually unintentional and in most
143 cases the <runas_default> setting should be placed
144 before any Runas_Alias or User specifications. In -
\b-s
\bs
145 (strict) mode this is an error, not a warning.
147 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
148 _
\bv_
\bi(1), _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs(4), _
\bs_
\bu_
\bd_
\bo(1m), _
\bv_
\bi_
\bp_
\bw(8)
150 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bR
151 Many people have worked on _
\bs_
\bu_
\bd_
\bo over the years; this ver
152 sion of v
\bvi
\bis
\bsu
\bud
\bdo
\bo was written by:
156 See the HISTORY file in the sudo distribution or visit
157 http://www.sudo.ws/sudo/history.html for more details.
159 C
\bCA
\bAV
\bVE
\bEA
\bAT
\bTS
\bS
160 There is no easy way to prevent a user from gaining a root
161 shell if the editor used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo allows shell escapes.
164 If you feel you have found a bug in v
\bvi
\bis
\bsu
\bud
\bdo
\bo, please submit
165 a bug report at http://www.sudo.ws/sudo/bugs/
167 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
168 Limited free support is available via the sudo-users mail
169 ing list, see http://www.sudo.ws/mail
170 man/listinfo/sudo-users to subscribe or search the
173 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
174 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is provided ``AS IS'' and any express or implied
175 warranties, including, but not limited to, the implied
176 warranties of merchantability and fitness for a particular
177 purpose are disclaimed. See the LICENSE file distributed
178 with s
\bsu
\bud
\bdo
\bo or http://www.sudo.ws/sudo/license.html for com
196 1.6.9p11 January 5, 2008 3