-VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
-
-
+VISUDO(1m) System Manager's Manual VISUDO(1m)
N\bNA\bAM\bME\bE
- visudo - edit the sudoers file
+ v\bvi\bis\bsu\bud\bdo\bo - edit the sudoers file
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- v\bvi\bis\bsu\bud\bdo\bo [-\b-c\bch\bhq\bqs\bsV\bV] [-\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs]
+ v\bvi\bis\bsu\bud\bdo\bo [-\b-c\bch\bhq\bqs\bsV\bV] [-\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs]
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
- v\bvi\bis\bsu\bud\bdo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous to _\bv_\bi_\bp_\bw(1m).
- v\bvi\bis\bsu\bud\bdo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multiple simultaneous edits,
- provides basic sanity checks, and checks for parse errors. If the
- _\bs_\bu_\bd_\bo_\be_\br_\bs file is currently being edited you will receive a message to
- try again later.
-
- There is a hard-coded list of one or more editors that v\bvi\bis\bsu\bud\bdo\bo will use
- set at compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs
- Default variable. This list defaults to "vi". Normally, v\bvi\bis\bsu\bud\bdo\bo does
- not honor the VISUAL or EDITOR environment variables unless they
- contain an editor in the aforementioned editors list. However, if
- v\bvi\bis\bsu\bud\bdo\bo is configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option or the
- _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br Default variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any the
- editor defines by VISUAL or EDITOR. Note that this can be a security
- hole since it allows the user to execute any program they wish simply
- by setting VISUAL or EDITOR.
-
- v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not save the
- changes if there is a syntax error. Upon finding an error, v\bvi\bis\bsu\bud\bdo\bo will
- print a message stating the line number(s) where the error occurred and
- the user will receive the "What now?" prompt. At this point the user
- may enter "e" to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, "x" to exit without saving
- the changes, or "Q" to quit and save changes. The "Q" option should be
- used with extreme care because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse
- error, so will s\bsu\bud\bdo\bo and no one will be able to s\bsu\bud\bdo\bo again until the
- error is fixed. If "e" is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file after a
- parse error has been detected, the cursor will be placed on the line
- where the error occurred (if the editor supports this feature).
-
-O\bOP\bPT\bTI\bIO\bON\bNS\bS
- v\bvi\bis\bsu\bud\bdo\bo accepts the following command line options:
-
- -c Enable c\bch\bhe\bec\bck\bk-\b-o\bon\bnl\bly\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file will be
- checked for syntax errors, owner and mode. A message will
- be printed to the standard output describing the status of
- _\bs_\bu_\bd_\bo_\be_\br_\bs unless the -\b-q\bq option was specified. If the check
- completes successfully, v\bvi\bis\bsu\bud\bdo\bo will exit with a value of 0.
- If an error is encountered, v\bvi\bis\bsu\bud\bdo\bo will exit with a value
- of 1.
-
- -f _\bs_\bu_\bd_\bo_\be_\br_\bs Specify and alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With this
- option v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs file of your
- choice, instead of the default, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock
- file used is the specified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp"
- appended to it. In c\bch\bhe\bec\bck\bk-\b-o\bon\bnl\bly\by mode only, the argument to
- -\b-f\bf may be "-", indicating that _\bs_\bu_\bd_\bo_\be_\br_\bs will be read from
- the standard input.
-
- -h The -\b-h\bh (_\bh_\be_\bl_\bp) option causes v\bvi\bis\bsu\bud\bdo\bo to print a short help
- message to the standard output and exit.
-
- -q Enable q\bqu\bui\bie\bet\bt mode. In this mode details about syntax
- errors are not printed. This option is only useful when
- combined with the -\b-c\bc option.
-
- -s Enable s\bst\btr\bri\bic\bct\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an alias is
- used before it is defined, v\bvi\bis\bsu\bud\bdo\bo will consider this a
- parse error. Note that it is not possible to differentiate
- between an alias and a host name or user name that consists
- solely of uppercase letters, digits, and the underscore
- ('_') character.
-
- -V The -\b-V\bV (version) option causes v\bvi\bis\bsu\bud\bdo\bo to print its version
- number and exit.
+ v\bvi\bis\bsu\bud\bdo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous to vipw(1m).
+ v\bvi\bis\bsu\bud\bdo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multiple simultaneous edits,
+ provides basic sanity checks, and checks for parse errors. If the
+ _\bs_\bu_\bd_\bo_\be_\br_\bs file is currently being edited you will receive a message to try
+ again later.
+
+ There is a hard-coded list of one or more editors that v\bvi\bis\bsu\bud\bdo\bo will use
+ set at compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs Default
+ variable. This list defaults to vi. Normally, v\bvi\bis\bsu\bud\bdo\bo does not honor the
+ VISUAL or EDITOR environment variables unless they contain an editor in
+ the aforementioned editors list. However, if v\bvi\bis\bsu\bud\bdo\bo is configured with
+ the --with-env-editor option or the _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br Default variable is set in
+ _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any the editor defines by VISUAL or EDITOR.
+ Note that this can be a security hole since it allows the user to execute
+ any program they wish simply by setting VISUAL or EDITOR.
+
+ v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not save the
+ changes if there is a syntax error. Upon finding an error, v\bvi\bis\bsu\bud\bdo\bo will
+ print a message stating the line number(s) where the error occurred and
+ the user will receive the ``What now?'' prompt. At this point the user
+ may enter `e' to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, `x' to exit without saving the
+ changes, or `Q' to quit and save changes. The `Q' option should be used
+ with extreme care because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse error,
+ so will s\bsu\bud\bdo\bo and no one will be able to s\bsu\bud\bdo\bo again until the error is
+ fixed. If `e' is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file after a parse error has
+ been detected, the cursor will be placed on the line where the error
+ occurred (if the editor supports this feature).
+
+ The options are as follows:
+
+ -\b-c\bc Enable _\bc_\bh_\be_\bc_\bk_\b-_\bo_\bn_\bl_\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file will be
+ checked for syntax errors, owner and mode. A message will be
+ printed to the standard output describing the status of
+ _\bs_\bu_\bd_\bo_\be_\br_\bs unless the -\b-q\bq option was specified. If the check
+ completes successfully, v\bvi\bis\bsu\bud\bdo\bo will exit with a value of 0.
+ If an error is encountered, v\bvi\bis\bsu\bud\bdo\bo will exit with a value of
+ 1.
+
+ -\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs Specify an alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With this option
+ v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs file of your choice,
+ instead of the default, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock file used is
+ the specified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ``.tmp'' appended to it. In
+ _\bc_\bh_\be_\bc_\bk_\b-_\bo_\bn_\bl_\by mode only, the argument to -\b-f\bf may be `-',
+ indicating that _\bs_\bu_\bd_\bo_\be_\br_\bs will be read from the standard input.
+
+ -\b-h\bh The -\b-h\bh (_\bh_\be_\bl_\bp) option causes v\bvi\bis\bsu\bud\bdo\bo to print a short help
+ message to the standard output and exit.
+
+ -\b-q\bq Enable _\bq_\bu_\bi_\be_\bt mode. In this mode details about syntax errors
+ are not printed. This option is only useful when combined
+ with the -\b-c\bc option.
+
+ -\b-s\bs Enable _\bs_\bt_\br_\bi_\bc_\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an alias is
+ used before it is defined, v\bvi\bis\bsu\bud\bdo\bo will consider this a parse
+ error. Note that it is not possible to differentiate between
+ an alias and a host name or user name that consists solely of
+ uppercase letters, digits, and the underscore (`_')
+ character.
+
+ -\b-V\bV The -\b-V\bV (_\bv_\be_\br_\bs_\bi_\bo_\bn) option causes v\bvi\bis\bsu\bud\bdo\bo to print its version
+ number and exit.
E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
- The following environment variables may be consulted depending on the
- value of the _\be_\bd_\bi_\bt_\bo_\br and _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs variables:
+ The following environment variables may be consulted depending on the
+ value of the _\be_\bd_\bi_\bt_\bo_\br and _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs settings:
- VISUAL Invoked by visudo as the editor to use
+ VISUAL Invoked by v\bvi\bis\bsu\bud\bdo\bo as the editor to use
- EDITOR Used by visudo if VISUAL is not set
+ EDITOR Used by v\bvi\bis\bsu\bud\bdo\bo if VISUAL is not set
F\bFI\bIL\bLE\bES\bS
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bt_\bm_\bp Lock file for visudo
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bt_\bm_\bp Lock file for visudo
D\bDI\bIA\bAG\bGN\bNO\bOS\bST\bTI\bIC\bCS\bS
- sudoers file busy, try again later.
+ sudoers file busy, try again later.
Someone else is currently editing the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
- /etc/sudoers.tmp: Permission denied
+ /etc/sudoers.tmp: Permission denied
You didn't run v\bvi\bis\bsu\bud\bdo\bo as root.
- Can't find you in the passwd database
- Your userid does not appear in the system passwd file.
+ Can't find you in the passwd database
+ Your user ID does not appear in the system passwd file.
- Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
- Either you are trying to use an undeclare
+ Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
+ Either you are trying to use an undeclared
{User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
that consists solely of uppercase letters, digits, and the
- underscore ('_') character. In the latter case, you can ignore the
+ underscore (`_') character. In the latter case, you can ignore the
warnings (s\bsu\bud\bdo\bo will not complain). In -\b-s\bs (strict) mode these are
errors, not warnings.
- Warning: unused {User,Runas,Host,Cmnd}_Alias
+ Warning: unused {User,Runas,Host,Cmnd}_Alias
The specified {User,Runas,Host,Cmnd}_Alias was defined but never
used. You may wish to comment out or remove the unused alias. In
-\b-s\bs (strict) mode this is an error, not a warning.
- Warning: cycle in {User,Runas,Host,Cmnd}_Alias
+ Warning: cycle in {User,Runas,Host,Cmnd}_Alias
The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
itself, either directly or through an alias it includes. This is
only a warning by default as s\bsu\bud\bdo\bo will ignore cycles when parsing
the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\bv_\bi(1), _\bs_\bu_\bd_\bo_\be_\br_\bs(4), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bp_\bw(1m)
+ vi(1), sudoers(4), sudo(1m), vipw(1m)
-A\bAU\bUT\bTH\bHO\bOR\bR
- Many people have worked on s\bsu\bud\bdo\bo over the years; this version of v\bvi\bis\bsu\bud\bdo\bo
- was written by:
+A\bAU\bUT\bTH\bHO\bOR\bRS\bS
+ Many people have worked on s\bsu\bud\bdo\bo over the years; this version consists of
+ code written primarily by:
- Todd Miller
+ Todd C. Miller
- See the CONTRIBUTORS file in the s\bsu\bud\bdo\bo distribution
- (http://www.sudo.ws/sudo/contributors.html) for a list of people who
- have contributed to s\bsu\bud\bdo\bo.
+ See the CONTRIBUTORS file in the s\bsu\bud\bdo\bo distribution
+ (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
+ people who have contributed to s\bsu\bud\bdo\bo.
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
- There is no easy way to prevent a user from gaining a root shell if the
- editor used by v\bvi\bis\bsu\bud\bdo\bo allows shell escapes.
+ There is no easy way to prevent a user from gaining a root shell if the
+ editor used by v\bvi\bis\bsu\bud\bdo\bo allows shell escapes.
B\bBU\bUG\bGS\bS
- If you feel you have found a bug in v\bvi\bis\bsu\bud\bdo\bo, please submit a bug report
- at http://www.sudo.ws/sudo/bugs/
+ If you feel you have found a bug in v\bvi\bis\bsu\bud\bdo\bo, please submit a bug report at
+ http://www.sudo.ws/sudo/bugs/
S\bSU\bUP\bPP\bPO\bOR\bRT\bT
- Limited free support is available via the sudo-users mailing list, see
- http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
- the archives.
+ Limited free support is available via the sudo-users mailing list, see
+ http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
+ archives.
D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
- v\bvi\bis\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
- including, but not limited to, the implied warranties of
- merchantability and fitness for a particular purpose are disclaimed.
- See the LICENSE file distributed with s\bsu\bud\bdo\bo or
- http://www.sudo.ws/sudo/license.html for complete details.
-
-
+ v\bvi\bis\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
+ including, but not limited to, the implied warranties of merchantability
+ and fitness for a particular purpose are disclaimed. See the LICENSE
+ file distributed with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for
+ complete details.
-1.8.5 March 14, 2012 VISUDO(1m)
+Sudo 1.8.7 June 12, 2013 Sudo 1.8.7