-visudo(1m) MAINTENANCE COMMANDS visudo(1m)
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
-N\bN\bN\bNA\bA\bA\bAM\bM\bM\bME\bE\bE\bE
+N\bNA\bAM\bME\bE
visudo - edit the sudoers file
-S\bS\bS\bSY\bY\bY\bYN\bN\bN\bNO\bO\bO\bOP\bP\bP\bPS\bS\bS\bSI\bI\bI\bIS\bS\bS\bS
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo [ -\b-\b-\b-c\bc\bc\bc ] [ -\b-\b-\b-f\bf\bf\bf _\bs_\bu_\bd_\bo_\be_\br_\bs ] [ -\b-\b-\b-q\bq\bq\bq ] [ -\b-\b-\b-s\bs\bs\bs ] [ -\b-\b-\b-V\bV\bV\bV ]
+S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
+ v\bvi\bis\bsu\bud\bdo\bo [-\b-c\bc] [-\b-q\bq] [-\b-s\bs] [-\b-V\bV] [-\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs]
-D\bD\bD\bDE\bE\bE\bES\bS\bS\bSC\bC\bC\bCR\bR\bR\bRI\bI\bI\bIP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bN
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous
- to _\bv_\bi_\bp_\bw(1m). v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multi
- ple simultaneous edits, provides basic sanity checks, and
- checks for parse errors. If the _\bs_\bu_\bd_\bo_\be_\br_\bs file is currently
- being edited you will receive a message to try again
- later.
+D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
+ v\bvi\bis\bsu\bud\bdo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous to _\bv_\bi_\bp_\bw(1m).
+ v\bvi\bis\bsu\bud\bdo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multiple simultaneous edits,
+ provides basic sanity checks, and checks for parse errors. If the
+ _\bs_\bu_\bd_\bo_\be_\br_\bs file is currently being edited you will receive a message to
+ try again later.
- There is a hard-coded list of editors that v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will use
- set at compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br
- _\bs_\bu_\bd_\bo_\be_\br_\bs Default variable. This list defaults to the path
- to _\bv_\bi(1) on your system, as determined by the _\bc_\bo_\bn_\bf_\bi_\bg_\bu_\br_\be
- script. Normally, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo does not honor the EDITOR or
- VISUAL environment variables unless they contain an editor
- in the aforementioned editors list. However, if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is
- configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\be_\bd_\bi_\bt_\bo_\br flag or the _\be_\bn_\bv_\be_\bd_\bi_\bt_\bo_\br
- Default variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will use any
- the editor defines by EDITOR or VISUAL. Note that this
- can be a security hole since it allows the user to execute
- any program they wish simply by setting EDITOR or VISUAL.
+ There is a hard-coded list of editors that v\bvi\bis\bsu\bud\bdo\bo will use set at
+ compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs Default
+ variable. This list defaults to the path to _\bv_\bi(1) on your system, as
+ determined by the _\bc_\bo_\bn_\bf_\bi_\bg_\bu_\br_\be script. Normally, v\bvi\bis\bsu\bud\bdo\bo does not honor
+ the VISUAL or EDITOR environment variables unless they contain an
+ editor in the aforementioned editors list. However, if v\bvi\bis\bsu\bud\bdo\bo is
+ configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\be_\bd_\bi_\bt_\bo_\br option or the _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br Default
+ variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any the editor defines by
+ VISUAL or EDITOR. Note that this can be a security hole since it
+ allows the user to execute any program they wish simply by setting
+ VISUAL or EDITOR.
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not
- save the changes if there is a syntax error. Upon finding
- an error, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will print a message stating the line
- _\bn_\bu_\bm_\bb_\be_\br(s) where the error occurred and the user will
- receive the "What now?" prompt. At this point the user
- may enter "e" to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, "x" to exit
- without saving the changes, or "Q" to quit and save
- changes. The "Q" option should be used with extreme care
- because if v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo believes there to be a parse error, so
- will s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo and no one will be able to s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo again until the
- error is fixed. If "e" is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file
- after a parse error has been detected, the cursor will be
- placed on the line where the error occurred (if the editor
- supports this feature).
+ v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not save the
+ changes if there is a syntax error. Upon finding an error, v\bvi\bis\bsu\bud\bdo\bo will
+ print a message stating the line number(s) where the error occurred and
+ the user will receive the "What now?" prompt. At this point the user
+ may enter "e" to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, "x" to exit without saving
+ the changes, or "Q" to quit and save changes. The "Q" option should be
+ used with extreme care because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse
+ error, so will s\bsu\bud\bdo\bo and no one will be able to s\bsu\bud\bdo\bo again until the
+ error is fixed. If "e" is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file after a
+ parse error has been detected, the cursor will be placed on the line
+ where the error occurred (if the editor supports this feature).
-O\bO\bO\bOP\bP\bP\bPT\bT\bT\bTI\bI\bI\bIO\bO\bO\bON\bN\bN\bNS\bS\bS\bS
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo accepts the following command line options:
+O\bOP\bPT\bTI\bIO\bON\bNS\bS
+ v\bvi\bis\bsu\bud\bdo\bo accepts the following command line options:
- -c Enable c\bc\bc\bch\bh\bh\bhe\be\be\bec\bc\bc\bck\bk\bk\bk-\b-\b-\b-o\bo\bo\bon\bn\bn\bnl\bl\bl\bly\by\by\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file
- will be checked for syntax and a message will be
- printed to the standard output detailing the status of
- _\bs_\bu_\bd_\bo_\be_\br_\bs. If the syntax check completes successfully,
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will exit with a value of 0. If a syntax error
- is encountered, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will exit with a value of 1.
+ -c Enable c\bch\bhe\bec\bck\bk-\b-o\bon\bnl\bly\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file will be
+ checked for syntax and a message will be printed to the
+ standard output detailing the status of _\bs_\bu_\bd_\bo_\be_\br_\bs. If the
+ syntax check completes successfully, v\bvi\bis\bsu\bud\bdo\bo will exit with
+ a value of 0. If a syntax error is encountered, v\bvi\bis\bsu\bud\bdo\bo
+ will exit with a value of 1.
- -f Specify and alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With
- this option v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs
+ -f _\bs_\bu_\bd_\bo_\be_\br_\bs Specify and alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With this
+ option v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs file of your
+ choice, instead of the default, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock
+ file used is the specified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp"
+ appended to it.
+ -q Enable q\bqu\bui\bie\bet\bt mode. In this mode details about syntax
-April 25, 2002 1.6.6 1
+1.7.2p5 February 22, 2010 1
-visudo(1m) MAINTENANCE COMMANDS visudo(1m)
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
- file of your choice, instead of the default,
- @sysconfdir@/sudoers. The lock file used is the spec
- ified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp" appended to it.
- -q Enable q\bq\bq\bqu\bu\bu\bui\bi\bi\bie\be\be\bet\bt\bt\bt mode. In this mode details about syntax
- errors are not printed. This option is only useful
- when combined with the -\b-\b-\b-c\bc\bc\bc flag.
+ errors are not printed. This option is only useful when
+ combined with the -\b-c\bc option.
- -s Enable s\bs\bs\bst\bt\bt\btr\br\br\bri\bi\bi\bic\bc\bc\bct\bt\bt\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an
- alias is used before it is defined, v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will con
- sider this a parse error. Note that it is not possi
- ble to differentiate between an alias and a hostname
- or username that consists solely of uppercase letters,
- digits, and the underscore ('_') character.
+ -s Enable s\bst\btr\bri\bic\bct\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an alias is
+ used before it is defined, v\bvi\bis\bsu\bud\bdo\bo will consider this a
+ parse error. Note that it is not possible to differentiate
+ between an alias and a hostname or username that consists
+ solely of uppercase letters, digits, and the underscore
+ ('_') character.
- -V The -\b-\b-\b-V\bV\bV\bV (version) option causes v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo to print its
- version number and exit.
+ -V The -\b-V\bV (version) option causes v\bvi\bis\bsu\bud\bdo\bo to print its version
+ number and exit.
-E\bE\bE\bER\bR\bR\bRR\bR\bR\bRO\bO\bO\bOR\bR\bR\bRS\bS\bS\bS
+E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
+ The following environment variables may be consulted depending on the
+ value of the _\be_\bd_\bi_\bt_\bo_\br and _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs variables:
+
+ VISUAL Invoked by visudo as the editor to use
+
+ EDITOR Used by visudo if VISUAL is not set
+
+F\bFI\bIL\bLE\bES\bS
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
+
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bt_\bm_\bp Lock file for visudo
+
+D\bDI\bIA\bAG\bGN\bNO\bOS\bST\bTI\bIC\bCS\bS
sudoers file busy, try again later.
Someone else is currently editing the _\bs_\bu_\bd_\bo_\be_\br_\bs file.
/etc/sudoers.tmp: Permission denied
- You didn't run v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo as root.
+ You didn't run v\bvi\bis\bsu\bud\bdo\bo as root.
Can't find you in the passwd database
Your userid does not appear in the system passwd file.
- Warning: undeclared Alias referenced near ...
- Either you are using a {User,Runas,Host,Cmnd}_Alias
- before defining it or you have a user or hostname
- listed that consists solely of uppercase letters, dig
- its, and the underscore ('_') character. If the lat
- ter, you can ignore the warnings (s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo will not com
- plain). In -\b-\b-\b-s\bs\bs\bs (strict) mode these are errors, not
- warnings.
-
-E\bE\bE\bEN\bN\bN\bNV\bV\bV\bVI\bI\bI\bIR\bR\bR\bRO\bO\bO\bON\bN\bN\bNM\bM\bM\bME\bE\bE\bEN\bN\bN\bNT\bT\bT\bT
- The following environment variables are used only if
- v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option:
+ Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
+ Either you are trying to use an undeclare
+ {User,Runas,Host,Cmnd}_Alias or you have a user or hostname listed
+ that consists solely of uppercase letters, digits, and the
+ underscore ('_') character. In the latter case, you can ignore the
+ warnings (s\bsu\bud\bdo\bo will not complain). In -\b-s\bs (strict) mode these are
+ errors, not warnings.
- EDITOR Invoked by visudo as the editor to use
- VISUAL Used Invoked visudo if EDITOR is not set
+ Warning: unused {User,Runas,Host,Cmnd}_Alias
+ The specified {User,Runas,Host,Cmnd}_Alias was defined but never
+ used. You may wish to comment out or remove the unused alias. In
+ -\b-s\bs (strict) mode this is an error, not a warning.
+S\bSE\bEE\bE A\bAL\bLS\bSO\bO
+ _\bv_\bi(1), _\bs_\bu_\bd_\bo_\be_\br_\bs(4), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bp_\bw(8)
-F\bF\bF\bFI\bI\bI\bIL\bL\bL\bLE\bE\bE\bES\bS\bS\bS
- /etc/sudoers List of who can run what
- /etc/sudoers.tmp Lock file for visudo
+A\bAU\bUT\bTH\bHO\bOR\bR
+ Many people have worked on _\bs_\bu_\bd_\bo over the years; this version of v\bvi\bis\bsu\bud\bdo\bo
-A\bA\bA\bAU\bU\bU\bUT\bT\bT\bTH\bH\bH\bHO\bO\bO\bOR\bR\bR\bR
- Many people have worked on _\bs_\bu_\bd_\bo over the years; this ver
- sion of v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo was written by:
+1.7.2p5 February 22, 2010 2
-April 25, 2002 1.6.6 2
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
+ was written by:
-visudo(1m) MAINTENANCE COMMANDS visudo(1m)
-
-
- Todd Miller <Todd.Miller@courtesan.com>
+ Todd Miller
See the HISTORY file in the sudo distribution or visit
http://www.sudo.ws/sudo/history.html for more details.
-B\bB\bB\bBU\bU\bU\bUG\bG\bG\bGS\bS\bS\bS
- If you feel you have found a bug in sudo, please submit a
- bug report at http://www.sudo.ws/sudo/bugs/
-
-D\bD\bD\bDI\bI\bI\bIS\bS\bS\bSC\bC\bC\bCL\bL\bL\bLA\bA\bA\bAI\bI\bI\bIM\bM\bM\bME\bE\bE\bER\bR\bR\bR
- V\bV\bV\bVi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo is provided ``AS IS'' and any express or implied
- warranties, including, but not limited to, the implied
- warranties of merchantability and fitness for a particular
- purpose are disclaimed. See the LICENSE file distributed
- with s\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo for complete details.
-
-C\bC\bC\bCA\bA\bA\bAV\bV\bV\bVE\bE\bE\bEA\bA\bA\bAT\bT\bT\bTS\bS\bS\bS
- There is no easy way to prevent a user from gaining a root
- shell if the editor used by v\bv\bv\bvi\bi\bi\bis\bs\bs\bsu\bu\bu\bud\bd\bd\bdo\bo\bo\bo allows shell escapes.
-
-S\bS\bS\bSE\bE\bE\bEE\bE\bE\bE A\bA\bA\bAL\bL\bL\bLS\bS\bS\bSO\bO\bO\bO
- _\bv_\bi(1), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bp_\bw(8).
-
+C\bCA\bAV\bVE\bEA\bAT\bTS\bS
+ There is no easy way to prevent a user from gaining a root shell if the
+ editor used by v\bvi\bis\bsu\bud\bdo\bo allows shell escapes.
+B\bBU\bUG\bGS\bS
+ If you feel you have found a bug in v\bvi\bis\bsu\bud\bdo\bo, please submit a bug report
+ at http://www.sudo.ws/sudo/bugs/
+S\bSU\bUP\bPP\bPO\bOR\bRT\bT
+ Limited free support is available via the sudo-users mailing list, see
+ http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+ the archives.
+D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
+ v\bvi\bis\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
+ including, but not limited to, the implied warranties of
+ merchantability and fitness for a particular purpose are disclaimed.
+ See the LICENSE file distributed with s\bsu\bud\bdo\bo or
+ http://www.sudo.ws/sudo/license.html for complete details.
-April 25, 2002 1.6.6 3
+1.7.2p5 February 22, 2010 3