4 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
8 visudo - edit the sudoers file
10 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
11 v
\bvi
\bis
\bsu
\bud
\bdo
\bo [-
\b-c
\bc] [-
\b-q
\bq] [-
\b-s
\bs] [-
\b-V
\bV] [-
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs]
13 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
14 v
\bvi
\bis
\bsu
\bud
\bdo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous to _
\bv_
\bi_
\bp_
\bw(1m).
15 v
\bvi
\bis
\bsu
\bud
\bdo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multiple simultaneous edits,
16 provides basic sanity checks, and checks for parse errors. If the
17 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently being edited you will receive a message to
20 There is a hard-coded list of editors that v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use set at
21 compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Default
22 variable. This list defaults to the path to _
\bv_
\bi(1) on your system, as
23 determined by the _
\bc_
\bo_
\bn_
\bf_
\bi_
\bg_
\bu_
\br_
\be script. Normally, v
\bvi
\bis
\bsu
\bud
\bdo
\bo does not honor
24 the VISUAL or EDITOR environment variables unless they contain an
25 editor in the aforementioned editors list. However, if v
\bvi
\bis
\bsu
\bud
\bdo
\bo is
26 configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\be_
\bd_
\bi_
\bt_
\bo_
\br option or the _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br Default
27 variable is set in _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use any the editor defines by
28 VISUAL or EDITOR. Note that this can be a security hole since it
29 allows the user to execute any program they wish simply by setting
32 v
\bvi
\bis
\bsu
\bud
\bdo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not save the
33 changes if there is a syntax error. Upon finding an error, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will
34 print a message stating the line number(s) where the error occurred and
35 the user will receive the "What now?" prompt. At this point the user
36 may enter "e" to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, "x" to exit without saving
37 the changes, or "Q" to quit and save changes. The "Q" option should be
38 used with extreme care because if v
\bvi
\bis
\bsu
\bud
\bdo
\bo believes there to be a parse
39 error, so will s
\bsu
\bud
\bdo
\bo and no one will be able to s
\bsu
\bud
\bdo
\bo again until the
40 error is fixed. If "e" is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after a
41 parse error has been detected, the cursor will be placed on the line
42 where the error occurred (if the editor supports this feature).
44 O
\bOP
\bPT
\bTI
\bIO
\bON
\bNS
\bS
45 v
\bvi
\bis
\bsu
\bud
\bdo
\bo accepts the following command line options:
47 -c Enable c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file will be
48 checked for syntax and a message will be printed to the
49 standard output detailing the status of _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. If the
50 syntax check completes successfully, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with
51 a value of 0. If a syntax error is encountered, v
\bvi
\bis
\bsu
\bud
\bdo
\bo
52 will exit with a value of 1.
54 -f _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Specify and alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With this
55 option v
\bvi
\bis
\bsu
\bud
\bdo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file of your
56 choice, instead of the default, _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. The lock
57 file used is the specified _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ".tmp"
60 -q Enable q
\bqu
\bui
\bie
\bet
\bt mode. In this mode details about syntax
64 1.7.2p5 February 22, 2010 1
70 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
73 errors are not printed. This option is only useful when
74 combined with the -
\b-c
\bc option.
76 -s Enable s
\bst
\btr
\bri
\bic
\bct
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an alias is
77 used before it is defined, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will consider this a
78 parse error. Note that it is not possible to differentiate
79 between an alias and a hostname or username that consists
80 solely of uppercase letters, digits, and the underscore
83 -V The -
\b-V
\bV (version) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print its version
86 E
\bEN
\bNV
\bVI
\bIR
\bRO
\bON
\bNM
\bME
\bEN
\bNT
\bT
87 The following environment variables may be consulted depending on the
88 value of the _
\be_
\bd_
\bi_
\bt_
\bo_
\br and _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs variables:
90 VISUAL Invoked by visudo as the editor to use
92 EDITOR Used by visudo if VISUAL is not set
95 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs List of who can run what
97 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs_
\b._
\bt_
\bm_
\bp Lock file for visudo
99 D
\bDI
\bIA
\bAG
\bGN
\bNO
\bOS
\bST
\bTI
\bIC
\bCS
\bS
100 sudoers file busy, try again later.
101 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
103 /etc/sudoers.tmp: Permission denied
104 You didn't run v
\bvi
\bis
\bsu
\bud
\bdo
\bo as root.
106 Can't find you in the passwd database
107 Your userid does not appear in the system passwd file.
109 Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
110 Either you are trying to use an undeclare
111 {User,Runas,Host,Cmnd}_Alias or you have a user or hostname listed
112 that consists solely of uppercase letters, digits, and the
113 underscore ('_') character. In the latter case, you can ignore the
114 warnings (s
\bsu
\bud
\bdo
\bo will not complain). In -
\b-s
\bs (strict) mode these are
115 errors, not warnings.
117 Warning: unused {User,Runas,Host,Cmnd}_Alias
118 The specified {User,Runas,Host,Cmnd}_Alias was defined but never
119 used. You may wish to comment out or remove the unused alias. In
120 -
\b-s
\bs (strict) mode this is an error, not a warning.
122 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
123 _
\bv_
\bi(1), _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs(4), _
\bs_
\bu_
\bd_
\bo(1m), _
\bv_
\bi_
\bp_
\bw(8)
125 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bR
126 Many people have worked on _
\bs_
\bu_
\bd_
\bo over the years; this version of v
\bvi
\bis
\bsu
\bud
\bdo
\bo
130 1.7.2p5 February 22, 2010 2
136 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
143 See the HISTORY file in the sudo distribution or visit
144 http://www.sudo.ws/sudo/history.html for more details.
146 C
\bCA
\bAV
\bVE
\bEA
\bAT
\bTS
\bS
147 There is no easy way to prevent a user from gaining a root shell if the
148 editor used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo allows shell escapes.
151 If you feel you have found a bug in v
\bvi
\bis
\bsu
\bud
\bdo
\bo, please submit a bug report
152 at http://www.sudo.ws/sudo/bugs/
154 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
155 Limited free support is available via the sudo-users mailing list, see
156 http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
159 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
160 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is provided ``AS IS'' and any express or implied warranties,
161 including, but not limited to, the implied warranties of
162 merchantability and fitness for a particular purpose are disclaimed.
163 See the LICENSE file distributed with s
\bsu
\bud
\bdo
\bo or
164 http://www.sudo.ws/sudo/license.html for complete details.
196 1.7.2p5 February 22, 2010 3