2 Copyright (c) 1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions
9 1. Redistributions of source code must retain the above copyright
10 notice, this list of conditions and the following disclaimer.
12 2. Redistributions in binary form must reproduce the above copyright
13 notice, this list of conditions and the following disclaimer in the
14 documentation and/or other materials provided with the distribution.
16 3. The name of the author may not be used to endorse or promote products
17 derived from this software without specific prior written permission
20 4. Products derived from this software may not be called "Sudo" nor
21 may "Sudo" appear in their names without specific prior written
22 permission from the author.
24 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
25 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
26 AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
27 THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
28 EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
29 PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
30 OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
31 WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
32 OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
33 ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 $Sudo: visudo.pod,v 1.28 2002/01/12 22:55:01 millert Exp $
40 visudo - edit the sudoers file
44 B<visudo> [ B<-c> ] [ B<-f> I<sudoers> ] [ B<-q> ] [ B<-s> ] [ B<-V> ]
48 B<visudo> edits the I<sudoers> file in a safe fashion, analogous to
49 vipw(8). B<visudo> locks the I<sudoers> file against multiple
50 simultaneous edits, provides basic sanity checks, and checks
51 for parse errors. If the I<sudoers> file is currently being
52 edited you will receive a message to try again later.
54 There is a hard-coded list of editors that B<visudo> will use set
55 at compile-time that may be overridden via the I<editor> I<sudoers>
56 C<Default> variable. This list defaults to the path to vi(1) on
57 your system, as determined by the I<configure> script. Normally,
58 B<visudo> does not honor the C<EDITOR> or C<VISUAL> environment
59 variables unless they contain an editor in the aforementioned editors
60 list. However, if B<visudo> is configured with the I<--with-enveditor>
61 flag or the I<enveditor> C<Default> variable is set in I<sudoers>,
62 B<visudo> will use any the editor defines by C<EDITOR> or C<VISUAL>.
63 Note that this can be a security hole since it allows the user to
64 execute any program they wish simply by setting C<EDITOR> or C<VISUAL>.
66 B<visudo> parses the I<sudoers> file after the edit and will
67 not save the changes if there is a syntax error. Upon finding
68 an error, B<visudo> will print a message stating the line number(s)
69 where the error occurred and the user will receive the
70 "What now?" prompt. At this point the user may enter "e"
71 to re-edit the I<sudoers> file, "x" to exit without
72 saving the changes, or "Q" to quit and save changes. The
73 "Q" option should be used with extreme care because if B<visudo>
74 believes there to be a parse error, so will B<sudo> and no one
75 will be able to B<sudo> again until the error is fixed.
76 If "e" is typed to edit the I<sudoers> file after a parse error
77 has been detected, the cursor will be placed on the line where the
78 error occurred (if the editor supports this feature).
82 B<visudo> accepts the following command line options:
88 Enable B<check-only> mode. The existing I<sudoers> file will be
89 checked for syntax and a message will be printed to the
90 standard output detailing the status of I<sudoers>.
91 If the syntax check completes successfully, B<visudo> will
92 exit with a value of 0. If a syntax error is encountered,
93 B<visudo> will exit with a value of 1.
97 Specify and alternate I<sudoers> file location. With this option
98 B<visudo> will edit (or check) the I<sudoers> file of your choice,
99 instead of the default, @sysconfdir@/sudoers. The lock file used
100 is the specified I<sudoers> file with ".tmp" appended to it.
104 Enable B<quiet> mode. In this mode details about syntax errors
105 are not printed. This option is only useful when combined with
110 Enable B<strict> checking of the I<sudoers> file. If an alias is
111 used before it is defined, B<visudo> will consider this a parse
112 error. Note that it is not possible to differentiate between an
113 alias and a hostname or username that consists solely of uppercase
114 letters, digits, and the underscore ('_') character.
118 The B<-V> (version) option causes B<visudo> to print its version number
127 =item sudoers file busy, try again later.
129 Someone else is currently editing the I<sudoers> file.
131 =item @sysconfdir@/sudoers.tmp: Permission denied
133 You didn't run B<visudo> as root.
135 =item Can't find you in the passwd database
137 Your userid does not appear in the system passwd file.
139 =item Warning: undeclared Alias referenced near ...
141 Either you are using a {User,Runas,Host,Cmnd}_Alias before
142 defining it or you have a user or hostname listed that
143 consists solely of uppercase letters, digits, and the
144 underscore ('_') character. If the latter, you can ignore
145 the warnings (B<sudo> will not complain). In B<-s> (strict)
146 mode these are errors, not warnings.
152 The following environment variables are used only if B<visudo>
153 was configured with the I<--with-env-editor> option:
155 EDITOR Invoked by visudo as the editor to use
156 VISUAL Used Invoked visudo if EDITOR is not set
160 @sysconfdir@/sudoers List of who can run what
161 @sysconfdir@/sudoers.tmp Lock file for visudo
165 Many people have worked on I<sudo> over the years; this version of
166 B<visudo> was written by:
168 Todd Miller <Todd.Miller@courtesan.com>
170 See the HISTORY file in the sudo distribution or visit
171 http://www.sudo.ws/sudo/history.html for more details.
175 If you feel you have found a bug in sudo, please submit a bug report
176 at http://www.sudo.ws/sudo/bugs/
180 B<Visudo> is provided ``AS IS'' and any express or implied warranties,
181 including, but not limited to, the implied warranties of merchantability
182 and fitness for a particular purpose are disclaimed.
183 See the LICENSE file distributed with B<sudo> for complete details.
187 There is no easy way to prevent a user from gaining a root shell if
188 the editor used by B<visudo> allows shell escapes.
192 vi(1), sudo(8), vipw(8).