4 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
8 visudo - edit the sudoers file
10 S
\bSY
\bYN
\bNO
\bOP
\bPS
\bSI
\bIS
\bS
11 v
\bvi
\bis
\bsu
\bud
\bdo
\bo [-
\b-c
\bc] [-
\b-q
\bq] [-
\b-s
\bs] [-
\b-V
\bV] [-
\b-f
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs]
13 D
\bDE
\bES
\bSC
\bCR
\bRI
\bIP
\bPT
\bTI
\bIO
\bON
\bN
14 v
\bvi
\bis
\bsu
\bud
\bdo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous to _
\bv_
\bi_
\bp_
\bw(1m).
15 v
\bvi
\bis
\bsu
\bud
\bdo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multiple simultaneous edits,
16 provides basic sanity checks, and checks for parse errors. If the
17 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently being edited you will receive a message to
20 There is a hard-coded list of editors that v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use set at
21 compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Default
22 variable. This list defaults to the path to _
\bv_
\bi(1) on your system, as
23 determined by the _
\bc_
\bo_
\bn_
\bf_
\bi_
\bg_
\bu_
\br_
\be script. Normally, v
\bvi
\bis
\bsu
\bud
\bdo
\bo does not honor
24 the VISUAL or EDITOR environment variables unless they contain an
25 editor in the aforementioned editors list. However, if v
\bvi
\bis
\bsu
\bud
\bdo
\bo is
26 configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\be_
\bd_
\bi_
\bt_
\bo_
\br option or the _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br Default
27 variable is set in _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will use any the editor defines by
28 VISUAL or EDITOR. Note that this can be a security hole since it
29 allows the user to execute any program they wish simply by setting
32 v
\bvi
\bis
\bsu
\bud
\bdo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not save the
33 changes if there is a syntax error. Upon finding an error, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will
34 print a message stating the line number(s) where the error occurred and
35 the user will receive the "What now?" prompt. At this point the user
36 may enter "e" to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, "x" to exit without saving
37 the changes, or "Q" to quit and save changes. The "Q" option should be
38 used with extreme care because if v
\bvi
\bis
\bsu
\bud
\bdo
\bo believes there to be a parse
39 error, so will s
\bsu
\bud
\bdo
\bo and no one will be able to s
\bsu
\bud
\bdo
\bo again until the
40 error is fixed. If "e" is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after a
41 parse error has been detected, the cursor will be placed on the line
42 where the error occurred (if the editor supports this feature).
44 O
\bOP
\bPT
\bTI
\bIO
\bON
\bNS
\bS
45 v
\bvi
\bis
\bsu
\bud
\bdo
\bo accepts the following command line options:
47 -c Enable c
\bch
\bhe
\bec
\bck
\bk-
\b-o
\bon
\bnl
\bly
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file will be
48 checked for syntax and a message will be printed to the
49 standard output detailing the status of _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. If the
50 syntax check completes successfully, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will exit with
51 a value of 0. If a syntax error is encountered, v
\bvi
\bis
\bsu
\bud
\bdo
\bo
52 will exit with a value of 1.
54 -f _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Specify and alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With this
55 option v
\bvi
\bis
\bsu
\bud
\bdo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file of your
56 choice, instead of the default, _
\b@_
\bs_
\by_
\bs_
\bc_
\bo_
\bn_
\bf_
\bd_
\bi_
\br_
\b@_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. The
57 lock file used is the specified _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ".tmp"
60 -q Enable q
\bqu
\bui
\bie
\bet
\bt mode. In this mode details about syntax
64 1.7.0 November 15, 2008 1
70 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
73 errors are not printed. This option is only useful when
74 combined with the -
\b-c
\bc option.
76 -s Enable s
\bst
\btr
\bri
\bic
\bct
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an alias is
77 used before it is defined, v
\bvi
\bis
\bsu
\bud
\bdo
\bo will consider this a
78 parse error. Note that it is not possible to differentiate
79 between an alias and a hostname or username that consists
80 solely of uppercase letters, digits, and the underscore
83 -V The -
\b-V
\bV (version) option causes v
\bvi
\bis
\bsu
\bud
\bdo
\bo to print its version
86 E
\bEN
\bNV
\bVI
\bIR
\bRO
\bON
\bNM
\bME
\bEN
\bNT
\bT
87 The following environment variables may be consulted depending on the
88 value of the _
\be_
\bd_
\bi_
\bt_
\bo_
\br and _
\be_
\bn_
\bv_
\b__
\be_
\bd_
\bi_
\bt_
\bo_
\br _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs variables:
90 VISUAL Invoked by visudo as the editor to use
92 EDITOR Used by visudo if VISUAL is not set
95 _
\b@_
\bs_
\by_
\bs_
\bc_
\bo_
\bn_
\bf_
\bd_
\bi_
\br_
\b@_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs List of who can run what
97 _
\b@_
\bs_
\by_
\bs_
\bc_
\bo_
\bn_
\bf_
\bd_
\bi_
\br_
\b@_
\b/_
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs_
\b._
\bt_
\bm_
\bp
100 D
\bDI
\bIA
\bAG
\bGN
\bNO
\bOS
\bST
\bTI
\bIC
\bCS
\bS
101 sudoers file busy, try again later.
102 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
104 /etc/sudoers.tmp: Permission denied
105 You didn't run v
\bvi
\bis
\bsu
\bud
\bdo
\bo as root.
107 Can't find you in the passwd database
108 Your userid does not appear in the system passwd file.
110 Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
111 Either you are trying to use an undeclare
112 {User,Runas,Host,Cmnd}_Alias or you have a user or hostname listed
113 that consists solely of uppercase letters, digits, and the
114 underscore ('_') character. In the latter case, you can ignore the
115 warnings (s
\bsu
\bud
\bdo
\bo will not complain). In -
\b-s
\bs (strict) mode these are
116 errors, not warnings.
118 Warning: unused {User,Runas,Host,Cmnd}_Alias
119 The specified {User,Runas,Host,Cmnd}_Alias was defined but never
120 used. You may wish to comment out or remove the unused alias. In
121 -
\b-s
\bs (strict) mode this is an error, not a warning.
123 S
\bSE
\bEE
\bE A
\bAL
\bLS
\bSO
\bO
124 _
\bv_
\bi(1), _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs(4), _
\bs_
\bu_
\bd_
\bo(1m), _
\bv_
\bi_
\bp_
\bw(8)
130 1.7.0 November 15, 2008 2
136 VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
139 A
\bAU
\bUT
\bTH
\bHO
\bOR
\bR
140 Many people have worked on _
\bs_
\bu_
\bd_
\bo over the years; this version of v
\bvi
\bis
\bsu
\bud
\bdo
\bo
145 See the HISTORY file in the sudo distribution or visit
146 http://www.sudo.ws/sudo/history.html for more details.
148 C
\bCA
\bAV
\bVE
\bEA
\bAT
\bTS
\bS
149 There is no easy way to prevent a user from gaining a root shell if the
150 editor used by v
\bvi
\bis
\bsu
\bud
\bdo
\bo allows shell escapes.
153 If you feel you have found a bug in v
\bvi
\bis
\bsu
\bud
\bdo
\bo, please submit a bug report
154 at http://www.sudo.ws/sudo/bugs/
156 S
\bSU
\bUP
\bPP
\bPO
\bOR
\bRT
\bT
157 Limited free support is available via the sudo-users mailing list, see
158 http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
161 D
\bDI
\bIS
\bSC
\bCL
\bLA
\bAI
\bIM
\bME
\bER
\bR
162 v
\bvi
\bis
\bsu
\bud
\bdo
\bo is provided ``AS IS'' and any express or implied warranties,
163 including, but not limited to, the implied warranties of
164 merchantability and fitness for a particular purpose are disclaimed.
165 See the LICENSE file distributed with s
\bsu
\bud
\bdo
\bo or
166 http://www.sudo.ws/sudo/license.html for complete details.
196 1.7.0 November 15, 2008 3
projects / debian / sudo / blob