4 visudo(1m) MAINTENANCE COMMANDS visudo(1m)
7 N
\bN
\bN
\bNA
\bA
\bA
\bAM
\bM
\bM
\bME
\bE
\bE
\bE
8 visudo - edit the sudoers file
10 S
\bS
\bS
\bSY
\bY
\bY
\bYN
\bN
\bN
\bNO
\bO
\bO
\bOP
\bP
\bP
\bPS
\bS
\bS
\bSI
\bI
\bI
\bIS
\bS
\bS
\bS
11 v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo [ -
\b-
\b-
\b-c
\bc
\bc
\bc ] [ -
\b-
\b-
\b-f
\bf
\bf
\bf _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs ] [ -
\b-
\b-
\b-q
\bq
\bq
\bq ] [ -
\b-
\b-
\b-s
\bs
\bs
\bs ] [ -
\b-
\b-
\b-V
\bV
\bV
\bV ]
13 D
\bD
\bD
\bDE
\bE
\bE
\bES
\bS
\bS
\bSC
\bC
\bC
\bCR
\bR
\bR
\bRI
\bI
\bI
\bIP
\bP
\bP
\bPT
\bT
\bT
\bTI
\bI
\bI
\bIO
\bO
\bO
\bON
\bN
\bN
\bN
14 v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo edits the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file in a safe fashion, analogous
15 to _
\bv_
\bi_
\bp_
\bw(1m). v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo locks the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file against multi
16 ple simultaneous edits, provides basic sanity checks, and
17 checks for parse errors. If the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file is currently
18 being edited you will receive a message to try again
21 There is a hard-coded list of editors that v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo will use
22 set at compile-time that may be overridden via the _
\be_
\bd_
\bi_
\bt_
\bo_
\br
23 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs Default variable. This list defaults to the path
24 to _
\bv_
\bi(1) on your system, as determined by the _
\bc_
\bo_
\bn_
\bf_
\bi_
\bg_
\bu_
\br_
\be
25 script. Normally, v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo does not honor the EDITOR or
26 VISUAL environment variables unless they contain an editor
27 in the aforementioned editors list. However, if v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo is
28 configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\be_
\bd_
\bi_
\bt_
\bo_
\br flag or the _
\be_
\bn_
\bv_
\be_
\bd_
\bi_
\bt_
\bo_
\br
29 Default variable is set in _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs, v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo will use any
30 the editor defines by EDITOR or VISUAL. Note that this
31 can be a security hole since it allows the user to execute
32 any program they wish simply by setting EDITOR or VISUAL.
34 v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo parses the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file after the edit and will not
35 save the changes if there is a syntax error. Upon finding
36 an error, v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo will print a message stating the line
37 _
\bn_
\bu_
\bm_
\bb_
\be_
\br(s) where the error occurred and the user will
38 receive the "What now?" prompt. At this point the user
39 may enter "e" to re-edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file, "x" to exit
40 without saving the changes, or "Q" to quit and save
41 changes. The "Q" option should be used with extreme care
42 because if v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo believes there to be a parse error, so
43 will s
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo and no one will be able to s
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo again until the
44 error is fixed. If "e" is typed to edit the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file
45 after a parse error has been detected, the cursor will be
46 placed on the line where the error occurred (if the editor
47 supports this feature).
49 O
\bO
\bO
\bOP
\bP
\bP
\bPT
\bT
\bT
\bTI
\bI
\bI
\bIO
\bO
\bO
\bON
\bN
\bN
\bNS
\bS
\bS
\bS
50 v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo accepts the following command line options:
52 -c Enable c
\bc
\bc
\bch
\bh
\bh
\bhe
\be
\be
\bec
\bc
\bc
\bck
\bk
\bk
\bk-
\b-
\b-
\b-o
\bo
\bo
\bon
\bn
\bn
\bnl
\bl
\bl
\bly
\by
\by
\by mode. The existing _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file
53 will be checked for syntax and a message will be
54 printed to the standard output detailing the status of
55 _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs. If the syntax check completes successfully,
56 v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo will exit with a value of 0. If a syntax error
57 is encountered, v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo will exit with a value of 1.
59 -f Specify and alternate _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file location. With
60 this option v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo will edit (or check) the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs
64 April 25, 2002 1.6.6 1
70 visudo(1m) MAINTENANCE COMMANDS visudo(1m)
73 file of your choice, instead of the default,
74 @sysconfdir@/sudoers. The lock file used is the spec
75 ified _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file with ".tmp" appended to it.
77 -q Enable q
\bq
\bq
\bqu
\bu
\bu
\bui
\bi
\bi
\bie
\be
\be
\bet
\bt
\bt
\bt mode. In this mode details about syntax
78 errors are not printed. This option is only useful
79 when combined with the -
\b-
\b-
\b-c
\bc
\bc
\bc flag.
81 -s Enable s
\bs
\bs
\bst
\bt
\bt
\btr
\br
\br
\bri
\bi
\bi
\bic
\bc
\bc
\bct
\bt
\bt
\bt checking of the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file. If an
82 alias is used before it is defined, v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo will con
83 sider this a parse error. Note that it is not possi
84 ble to differentiate between an alias and a hostname
85 or username that consists solely of uppercase letters,
86 digits, and the underscore ('_') character.
88 -V The -
\b-
\b-
\b-V
\bV
\bV
\bV (version) option causes v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo to print its
89 version number and exit.
91 E
\bE
\bE
\bER
\bR
\bR
\bRR
\bR
\bR
\bRO
\bO
\bO
\bOR
\bR
\bR
\bRS
\bS
\bS
\bS
92 sudoers file busy, try again later.
93 Someone else is currently editing the _
\bs_
\bu_
\bd_
\bo_
\be_
\br_
\bs file.
95 /etc/sudoers.tmp: Permission denied
96 You didn't run v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo as root.
98 Can't find you in the passwd database
99 Your userid does not appear in the system passwd file.
101 Warning: undeclared Alias referenced near ...
102 Either you are using a {User,Runas,Host,Cmnd}_Alias
103 before defining it or you have a user or hostname
104 listed that consists solely of uppercase letters, dig
105 its, and the underscore ('_') character. If the lat
106 ter, you can ignore the warnings (s
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo will not com
107 plain). In -
\b-
\b-
\b-s
\bs
\bs
\bs (strict) mode these are errors, not
110 E
\bE
\bE
\bEN
\bN
\bN
\bNV
\bV
\bV
\bVI
\bI
\bI
\bIR
\bR
\bR
\bRO
\bO
\bO
\bON
\bN
\bN
\bNM
\bM
\bM
\bME
\bE
\bE
\bEN
\bN
\bN
\bNT
\bT
\bT
\bT
111 The following environment variables are used only if
112 v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo was configured with the _
\b-_
\b-_
\bw_
\bi_
\bt_
\bh_
\b-_
\be_
\bn_
\bv_
\b-_
\be_
\bd_
\bi_
\bt_
\bo_
\br option:
114 EDITOR Invoked by visudo as the editor to use
115 VISUAL Used Invoked visudo if EDITOR is not set
118 F
\bF
\bF
\bFI
\bI
\bI
\bIL
\bL
\bL
\bLE
\bE
\bE
\bES
\bS
\bS
\bS
119 /etc/sudoers List of who can run what
120 /etc/sudoers.tmp Lock file for visudo
123 A
\bA
\bA
\bAU
\bU
\bU
\bUT
\bT
\bT
\bTH
\bH
\bH
\bHO
\bO
\bO
\bOR
\bR
\bR
\bR
124 Many people have worked on _
\bs_
\bu_
\bd_
\bo over the years; this ver
125 sion of v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo was written by:
130 April 25, 2002 1.6.6 2
136 visudo(1m) MAINTENANCE COMMANDS visudo(1m)
139 Todd Miller <Todd.Miller@courtesan.com>
141 See the HISTORY file in the sudo distribution or visit
142 http://www.sudo.ws/sudo/history.html for more details.
144 B
\bB
\bB
\bBU
\bU
\bU
\bUG
\bG
\bG
\bGS
\bS
\bS
\bS
145 If you feel you have found a bug in sudo, please submit a
146 bug report at http://www.sudo.ws/sudo/bugs/
148 D
\bD
\bD
\bDI
\bI
\bI
\bIS
\bS
\bS
\bSC
\bC
\bC
\bCL
\bL
\bL
\bLA
\bA
\bA
\bAI
\bI
\bI
\bIM
\bM
\bM
\bME
\bE
\bE
\bER
\bR
\bR
\bR
149 V
\bV
\bV
\bVi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo is provided ``AS IS'' and any express or implied
150 warranties, including, but not limited to, the implied
151 warranties of merchantability and fitness for a particular
152 purpose are disclaimed. See the LICENSE file distributed
153 with s
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo for complete details.
155 C
\bC
\bC
\bCA
\bA
\bA
\bAV
\bV
\bV
\bVE
\bE
\bE
\bEA
\bA
\bA
\bAT
\bT
\bT
\bTS
\bS
\bS
\bS
156 There is no easy way to prevent a user from gaining a root
157 shell if the editor used by v
\bv
\bv
\bvi
\bi
\bi
\bis
\bs
\bs
\bsu
\bu
\bu
\bud
\bd
\bd
\bdo
\bo
\bo
\bo allows shell escapes.
159 S
\bS
\bS
\bSE
\bE
\bE
\bEE
\bE
\bE
\bE A
\bA
\bA
\bAL
\bL
\bL
\bLS
\bS
\bS
\bSO
\bO
\bO
\bO
160 _
\bv_
\bi(1), _
\bs_
\bu_
\bd_
\bo(1m), _
\bv_
\bi_
\bp_
\bw(8).
196 April 25, 2002 1.6.6 3