4 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
8 visudo - edit the sudoers file
10 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
11 v
\bvi
\bis
\bsu
\bud
\bdo
\bo [-
\b-c
\bch
\bhq
\bqs
\bsV
\bV] [-
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs]
13 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
14 v
\bvi
\bis
\bsu
\bud
\bdo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous to _
\bv_
\bi_
\bp_
\bw(1m).
15 v
\bvi
\bis
\bsu
\bud
\bdo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multiple simultaneous edits,
16 provides basic sanity checks, and checks for parse errors. If the
17 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently being edited you will receive a message to
20 There is a hard-coded list of one or more editors that v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use
21 set at compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs
22 Default variable. This list defaults to "vi". Normally, v
\bvi
\bis
\bsu
\bud
\bdo
\bo does
23 not honor the VISUAL or EDITOR environment variables unless they
24 contain an editor in the aforementioned editors list. However, if
25 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\b-_
\be_
\bd_
\bi_
\bt_
\bo_
\br option or the
26 _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br Default variable is set in _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use any the
27 editor defines by VISUAL or EDITOR. Note that this can be a security
28 hole since it allows the user to execute any program they wish simply
29 by setting VISUAL or EDITOR.
31 v
\bvi
\bis
\bsu
\bud
\bdo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not save the
32 changes if there is a syntax error. Upon finding an error, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will
33 print a message stating the line number(s) where the error occurred and
34 the user will receive the "What now?" prompt. At this point the user
35 may enter "e" to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, "x" to exit without saving
36 the changes, or "Q" to quit and save changes. The "Q" option should be
37 used with extreme care because if v
\bvi
\bis
\bsu
\bud
\bdo
\bo believes there to be a parse
38 error, so will s
\bsu
\bud
\bdo
\bo and no one will be able to s
\bsu
\bud
\bdo
\bo again until the
39 error is fixed. If "e" is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after a
40 parse error has been detected, the cursor will be placed on the line
41 where the error occurred (if the editor supports this feature).
43 O
\bOP
\bPT
\bTI
\bIO
\bON
\bNS
\bS
44 v
\bvi
\bis
\bsu
\bud
\bdo
\bo accepts the following command line options:
46 -c Enable c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file will be
47 checked for syntax and a message will be printed to the
48 standard output detailing the status of _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. If the
49 syntax check completes successfully, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with
50 a value of 0. If a syntax error is encountered, v
\bvi
\bis
\bsu
\bud
\bdo
\bo
51 will exit with a value of 1.
53 -f _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Specify and alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With this
54 option v
\bvi
\bis
\bsu
\bud
\bdo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file of your
55 choice, instead of the default, _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. The lock
56 file used is the specified _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ".tmp"
57 appended to it. In c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode only, the argument to
58 -
\b-f
\bf may be "-", indicating that _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs will be read from
70 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
73 -h The -
\b-h
\bh (_
\bh_
\be_
\bl_
\bp) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print a short help
74 message to the standard output and exit.
76 -q Enable q
\bqu
\bui
\bie
\bet
\bt mode. In this mode details about syntax
77 errors are not printed. This option is only useful when
78 combined with the -
\b-c
\bc option.
80 -s Enable s
\bst
\btr
\bri
\bic
\bct
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an alias is
81 used before it is defined, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will consider this a
82 parse error. Note that it is not possible to differentiate
83 between an alias and a host name or user name that consists
84 solely of uppercase letters, digits, and the underscore
87 -V The -
\b-V
\bV (version) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print its version
90 E
\bEN
\bNV
\bVI
\bIR
\bRO
\bON
\bNM
\bME
\bEN
\bNT
\bT
91 The following environment variables may be consulted depending on the
92 value of the _
\be_
\bd_
\bi_
\bt_
\bo_
\br and _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs variables:
94 VISUAL Invoked by visudo as the editor to use
96 EDITOR Used by visudo if VISUAL is not set
99 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs List of who can run what
101 _
\b/_
\be_
\bt_
\bc_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs_
\b._
\bt_
\bm_
\bp Lock file for visudo
103 D
\bDI
\bIA
\bAG
\bGN
\bNO
\bOS
\bST
\bTI
\bIC
\bCS
\bS
104 sudoers file busy, try again later.
105 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
107 /etc/sudoers.tmp: Permission denied
108 You didn't run v
\bvi
\bis
\bsu
\bud
\bdo
\bo as root.
110 Can't find you in the passwd database
111 Your userid does not appear in the system passwd file.
113 Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
114 Either you are trying to use an undeclare
115 {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
116 that consists solely of uppercase letters, digits, and the
117 underscore ('_') character. In the latter case, you can ignore the
118 warnings (s
\bsu
\bud
\bdo
\bo will not complain). In -
\b-s
\bs (strict) mode these are
119 errors, not warnings.
121 Warning: unused {User,Runas,Host,Cmnd}_Alias
122 The specified {User,Runas,Host,Cmnd}_Alias was defined but never
123 used. You may wish to comment out or remove the unused alias. In
124 -
\b-s
\bs (strict) mode this is an error, not a warning.
130 1.7.6 April 9, 2011 2
136 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
139 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
140 _
\bv_
\bi(1), _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs(4), _
\bs_
\bu_
\bd_
\bo(1m), _
\bv_
\bi_
\bp_
\bw(8)
142 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bR
143 Many people have worked on _
\bs_
\bu_
\bd_
\bo over the years; this version of v
\bvi
\bis
\bsu
\bud
\bdo
\bo
148 See the HISTORY file in the sudo distribution or visit
149 http://www.sudo.ws/sudo/history.html for more details.
151 C
\bCA
\bAV
\bVE
\bEA
\bAT
\bTS
\bS
152 There is no easy way to prevent a user from gaining a root shell if the
153 editor used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo allows shell escapes.
156 If you feel you have found a bug in v
\bvi
\bis
\bsu
\bud
\bdo
\bo, please submit a bug report
157 at http://www.sudo.ws/sudo/bugs/
159 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
160 Limited free support is available via the sudo-users mailing list, see
161 http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
164 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
165 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is provided ``AS IS'' and any express or implied warranties,
166 including, but not limited to, the implied warranties of
167 merchantability and fitness for a particular purpose are disclaimed.
168 See the LICENSE file distributed with s
\bsu
\bud
\bdo
\bo or
169 http://www.sudo.ws/sudo/license.html for complete details.
196 1.7.6 April 9, 2011 3