-visudo(1m) MAINTENANCE COMMANDS visudo(1m)
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
-N\bN\bN\bNA\bA\bA\bAM\bM\bM\bME\bE\bE\bE
+N\bNA\bAM\bME\bE
visudo - edit the sudoers file
-S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo [ -\b-\b-\b-c\bc\bc\bc ] [ -\b-\b-\b-f\bf\bf\bf _\bs_\bu_\bd_\bo_\be_\br_\bs ] [ -\b-\b-\b-q\bq\bq\bq ] [ -\b-\b-\b-s\bs\bs\bs ] [ -\b-\b-\b-V\bV\bV\bV ]
+S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
+ v\bvi\bis\bsu\bud\bdo\bo [ -\b-c\bc ] [ -\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs ] [ -\b-q\bq ] [ -\b-s\bs ] [ -\b-V\bV ]
-D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous
- to _\bv_\bi_\bp_\bw(1m). v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multi
+D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
+ v\bvi\bis\bsu\bud\bdo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous
+ to vipw(1m). v\bvi\bis\bsu\bud\bdo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multi
ple simultaneous edits, provides basic sanity checks, and
checks for parse errors. If the _\bs_\bu_\bd_\bo_\be_\br_\bs file is currently
being edited you will receive a message to try again
later.
- There is a hard-coded list of editors that v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will use
+ There is a hard-coded list of editors that v\bvi\bis\bsu\bud\bdo\bo will use
set at compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br
_\bs_\bu_\bd_\bo_\be_\br_\bs Default variable. This list defaults to the path
to _\bv_\bi(1) on your system, as determined by the _\bc_\bo_\bn_\bf_\bi_\bg_\bu_\br_\be
- script. Normally, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo does not honor the EDITOR or
- VISUAL environment variables unless they contain an editor
- in the aforementioned editors list. However, if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is
+ script. Normally, v\bvi\bis\bsu\bud\bdo\bo does not honor the VISUAL or
+ EDITOR environment variables unless they contain an editor
+ in the aforementioned editors list. However, if v\bvi\bis\bsu\bud\bdo\bo is
configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\be_\bd_\bi_\bt_\bo_\br flag or the _\be_\bn_\bv_\be_\bd_\bi_\bt_\bo_\br
- Default variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will use any
- the editor defines by EDITOR or VISUAL. Note that this
+ Default variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any
+ the editor defines by VISUAL or EDITOR. Note that this
can be a security hole since it allows the user to execute
- any program they wish simply by setting EDITOR or VISUAL.
+ any program they wish simply by setting VISUAL or EDITOR.
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not
+ v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not
save the changes if there is a syntax error. Upon finding
- an error, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will print a message stating the line
- _\bn_\bu_\bm_\bb_\be_\br(s) where the error occurred and the user will
+ an error, v\bvi\bis\bsu\bud\bdo\bo will print a message stating the line
+ number(s) where the error occurred and the user will
receive the "What now?" prompt. At this point the user
may enter "e" to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, "x" to exit
without saving the changes, or "Q" to quit and save
changes. The "Q" option should be used with extreme care
- because if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo believes there to be a parse error, so
- will s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo and no one will be able to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo again until the
+ because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse error, so
+ will s\bsu\bud\bdo\bo and no one will be able to s\bsu\bud\bdo\bo again until the
error is fixed. If "e" is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file
after a parse error has been detected, the cursor will be
placed on the line where the error occurred (if the editor
supports this feature).
-O\bO\bO\bOP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bNS\bS\bS\bS
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following command line options:
+O\bOP\bPT\bTI\bIO\bON\bNS\bS
+ v\bvi\bis\bsu\bud\bdo\bo accepts the following command line options:
- -c Enable c\bc\bc\bch\bh\bh\bhe\be\be\bec\bc\bc\bck\bk\bk\bk-\b-\b-\b-o\bo\bo\bon\bn\bn\bnl\bl\bl\bly\by\by\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file
+ -c Enable c\bch\bhe\bec\bck\bk-\b-o\bon\bnl\bly\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file
will be checked for syntax and a message will be
printed to the standard output detailing the status of
_\bs_\bu_\bd_\bo_\be_\br_\bs. If the syntax check completes successfully,
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will exit with a value of 0. If a syntax error
- is encountered, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will exit with a value of 1.
+ v\bvi\bis\bsu\bud\bdo\bo will exit with a value of 0. If a syntax error
+ is encountered, v\bvi\bis\bsu\bud\bdo\bo will exit with a value of 1.
-f Specify and alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With
- this option v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs
+ this option v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs
-April 25, 2002 1.6.6 1
+1.6.8p12 June, 20 2005 1
-visudo(1m) MAINTENANCE COMMANDS visudo(1m)
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
file of your choice, instead of the default,
- @sysconfdir@/sudoers. The lock file used is the spec
- ified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp" appended to it.
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock file used is the specified
+ _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp" appended to it.
- -q Enable q\bq\bq\bqu\bu\bu\bui\bi\bi\bie\be\be\bet\bt\bt\bt mode. In this mode details about syntax
+ -q Enable q\bqu\bui\bie\bet\bt mode. In this mode details about syntax
errors are not printed. This option is only useful
- when combined with the -\b-\b-\b-c\bc\bc\bc flag.
+ when combined with the -\b-c\bc flag.
- -s Enable s\bs\bs\bst\bt\bt\btr\br\br\bri\bi\bi\bic\bc\bc\bct\bt\bt\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an
- alias is used before it is defined, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will con
+ -s Enable s\bst\btr\bri\bic\bct\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an
+ alias is used before it is defined, v\bvi\bis\bsu\bud\bdo\bo will con
sider this a parse error. Note that it is not possi
ble to differentiate between an alias and a hostname
or username that consists solely of uppercase letters,
digits, and the underscore ('_') character.
- -V The -\b-\b-\b-V\bV\bV\bV (version) option causes v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print its
+ -V The -\b-V\bV (version) option causes v\bvi\bis\bsu\bud\bdo\bo to print its
version number and exit.
-E\bE\bE\bER\bR\bR\bRR\bR\bR\bRO\bO\bO\bOR\bR\bR\bRS\bS\bS\bS
+E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
+ The following environment variables are used only if
+ v\bvi\bis\bsu\bud\bdo\bo was configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option:
+
+ VISUAL Invoked by visudo as the editor to use
+ EDITOR Used by visudo if VISUAL is not set
+
+F\bFI\bIL\bLE\bES\bS
+ /etc/sudoers List of who can run what
+ /etc/sudoers.tmp Lock file for visudo
+
+D\bDI\bIA\bAG\bGN\bNO\bOS\bST\bTI\bIC\bCS\bS
sudoers file busy, try again later.
Someone else is currently editing the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
/etc/sudoers.tmp: Permission denied
- You didn't run v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo as root.
+ You didn't run v\bvi\bis\bsu\bud\bdo\bo as root.
Can't find you in the passwd database
Your userid does not appear in the system passwd file.
before defining it or you have a user or hostname
listed that consists solely of uppercase letters, dig
its, and the underscore ('_') character. If the lat
- ter, you can ignore the warnings (s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will not com
- plain). In -\b-\b-\b-s\bs\bs\bs (strict) mode these are errors, not
+ ter, you can ignore the warnings (s\bsu\bud\bdo\bo will not com
+ plain). In -\b-s\bs (strict) mode these are errors, not
warnings.
-E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT
- The following environment variables are used only if
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option:
-
- EDITOR Invoked by visudo as the editor to use
- VISUAL Used Invoked visudo if EDITOR is not set
-
-
-F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
- /etc/sudoers List of who can run what
- /etc/sudoers.tmp Lock file for visudo
+ Warning: runas_default set after old value is in use ...
+ You have a _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt Defaults setting listed in
+ the _\bs_\bu_\bd_\bo_\be_\br_\bs file after its value has already been
+ used. This means that entries prior to the
+ _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt setting will match based on the default
+ value of _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt (root) whereas entries a\baf\bft\bte\ber\br
-A\bA\bA\bAU\bU\bU\bUT\bT\bT\bTH\bH\bH\bHO\bO\bO\bOR\bR\bR\bR
- Many people have worked on _\bs_\bu_\bd_\bo over the years; this ver
- sion of v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was written by:
+1.6.8p12 June, 20 2005 2
-April 25, 2002 1.6.6 2
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
+ the _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt setting will match based on the new
+ value. This is usually unintentional and in most
+ cases the <runas_default> setting should be placed
+ before any Runas_Alias or User specifications. In -\b-s\bs
+ (strict) mode this is an error, not a warning.
-visudo(1m) MAINTENANCE COMMANDS visudo(1m)
+S\bSE\bEE\bE A\bAL\bLS\bSO\bO
+ _\bv_\bi(1), sudoers(4), sudo(1m), vipw(1m)
+A\bAU\bUT\bTH\bHO\bOR\bR
+ Many people have worked on _\bs_\bu_\bd_\bo over the years; this ver
+ sion of v\bvi\bis\bsu\bud\bdo\bo was written by:
- Todd Miller <Todd.Miller@courtesan.com>
+ Todd Miller
See the HISTORY file in the sudo distribution or visit
http://www.sudo.ws/sudo/history.html for more details.
-B\bB\bB\bBU\bU\bU\bUG\bG\bG\bGS\bS\bS\bS
- If you feel you have found a bug in sudo, please submit a
- bug report at http://www.sudo.ws/sudo/bugs/
-
-D\bD\bD\bDI\bI\bI\bIS\bS\bS\bSC\bC\bC\bCL\bL\bL\bLA\bA\bA\bAI\bI\bI\bIM\bM\bM\bME\bE\bE\bER\bR\bR\bR
- V\bV\bV\bVi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is provided ``AS IS'' and any express or implied
- warranties, including, but not limited to, the implied
- warranties of merchantability and fitness for a particular
- purpose are disclaimed. See the LICENSE file distributed
- with s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo for complete details.
-
-C\bC\bC\bCA\bA\bA\bAV\bV\bV\bVE\bE\bE\bEA\bA\bA\bAT\bT\bT\bTS\bS\bS\bS
+C\bCA\bAV\bVE\bEA\bAT\bTS\bS
There is no easy way to prevent a user from gaining a root
- shell if the editor used by v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows shell escapes.
-
-S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
- _\bv_\bi(1), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bp_\bw(8).
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+ shell if the editor used by v\bvi\bis\bsu\bud\bdo\bo allows shell escapes.
+B\bBU\bUG\bGS\bS
+ If you feel you have found a bug in v\bvi\bis\bsu\bud\bdo\bo, please submit
+ a bug report at http://www.sudo.ws/sudo/bugs/
+S\bSU\bUP\bPP\bPO\bOR\bRT\bT
+ Commercial support is available for s\bsu\bud\bdo\bo, see
+ http://www.sudo.ws/sudo/support.html for details.
+ Limited free support is available via the sudo-users mail
+ ing list, see http://www.sudo.ws/mail
+ man/listinfo/sudo-users to subscribe or search the
+ archives.
+D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
+ V\bVi\bis\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied
+ warranties, including, but not limited to, the implied
+ warranties of merchantability and fitness for a particular
+ purpose are disclaimed. See the LICENSE file distributed
+ with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for com
+ plete details.
-April 25, 2002 1.6.6 3
+1.6.8p12 June, 20 2005 3