visudo - edit the sudoers file
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- v\bvi\bis\bsu\bud\bdo\bo [ -\b-c\bc ] [ -\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs ] [ -\b-q\bq ] [ -\b-s\bs ] [ -\b-V\bV ]
+ v\bvi\bis\bsu\bud\bdo\bo [-\b-c\bc] [-\b-q\bq] [-\b-s\bs] [-\b-V\bV] [-\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs]
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
- v\bvi\bis\bsu\bud\bdo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous
- to vipw(1m). v\bvi\bis\bsu\bud\bdo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multi
- ple simultaneous edits, provides basic sanity checks, and
- checks for parse errors. If the _\bs_\bu_\bd_\bo_\be_\br_\bs file is currently
- being edited you will receive a message to try again
- later.
-
- There is a hard-coded list of editors that v\bvi\bis\bsu\bud\bdo\bo will use
- set at compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br
- _\bs_\bu_\bd_\bo_\be_\br_\bs Default variable. This list defaults to the path
- to _\bv_\bi(1) on your system, as determined by the _\bc_\bo_\bn_\bf_\bi_\bg_\bu_\br_\be
- script. Normally, v\bvi\bis\bsu\bud\bdo\bo does not honor the VISUAL or
- EDITOR environment variables unless they contain an editor
- in the aforementioned editors list. However, if v\bvi\bis\bsu\bud\bdo\bo is
- configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\be_\bd_\bi_\bt_\bo_\br flag or the _\be_\bn_\bv_\be_\bd_\bi_\bt_\bo_\br
- Default variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any
- the editor defines by VISUAL or EDITOR. Note that this
- can be a security hole since it allows the user to execute
- any program they wish simply by setting VISUAL or EDITOR.
-
- v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not
- save the changes if there is a syntax error. Upon finding
- an error, v\bvi\bis\bsu\bud\bdo\bo will print a message stating the line
- number(s) where the error occurred and the user will
- receive the "What now?" prompt. At this point the user
- may enter "e" to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, "x" to exit
- without saving the changes, or "Q" to quit and save
- changes. The "Q" option should be used with extreme care
- because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse error, so
- will s\bsu\bud\bdo\bo and no one will be able to s\bsu\bud\bdo\bo again until the
- error is fixed. If "e" is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file
- after a parse error has been detected, the cursor will be
- placed on the line where the error occurred (if the editor
- supports this feature).
+ v\bvi\bis\bsu\bud\bdo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous to _\bv_\bi_\bp_\bw(1m).
+ v\bvi\bis\bsu\bud\bdo\bo locks the _\bs_\bu_\bd_\bo_\be_\br_\bs file against multiple simultaneous edits,
+ provides basic sanity checks, and checks for parse errors. If the
+ _\bs_\bu_\bd_\bo_\be_\br_\bs file is currently being edited you will receive a message to
+ try again later.
+
+ There is a hard-coded list of one or more editors that v\bvi\bis\bsu\bud\bdo\bo will use
+ set at compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs
+ Default variable. This list defaults to "vi". Normally, v\bvi\bis\bsu\bud\bdo\bo does
+ not honor the VISUAL or EDITOR environment variables unless they
+ contain an editor in the aforementioned editors list. However, if
+ v\bvi\bis\bsu\bud\bdo\bo is configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option or the
+ _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br Default variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any the
+ editor defines by VISUAL or EDITOR. Note that this can be a security
+ hole since it allows the user to execute any program they wish simply
+ by setting VISUAL or EDITOR.
+
+ v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not save the
+ changes if there is a syntax error. Upon finding an error, v\bvi\bis\bsu\bud\bdo\bo will
+ print a message stating the line number(s) where the error occurred and
+ the user will receive the "What now?" prompt. At this point the user
+ may enter "e" to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, "x" to exit without saving
+ the changes, or "Q" to quit and save changes. The "Q" option should be
+ used with extreme care because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse
+ error, so will s\bsu\bud\bdo\bo and no one will be able to s\bsu\bud\bdo\bo again until the
+ error is fixed. If "e" is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file after a
+ parse error has been detected, the cursor will be placed on the line
+ where the error occurred (if the editor supports this feature).
O\bOP\bPT\bTI\bIO\bON\bNS\bS
v\bvi\bis\bsu\bud\bdo\bo accepts the following command line options:
- -c Enable c\bch\bhe\bec\bck\bk-\b-o\bon\bnl\bly\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file
- will be checked for syntax and a message will be
- printed to the standard output detailing the status of
- _\bs_\bu_\bd_\bo_\be_\br_\bs. If the syntax check completes successfully,
- v\bvi\bis\bsu\bud\bdo\bo will exit with a value of 0. If a syntax error
- is encountered, v\bvi\bis\bsu\bud\bdo\bo will exit with a value of 1.
+ -c Enable c\bch\bhe\bec\bck\bk-\b-o\bon\bnl\bly\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file will be
+ checked for syntax and a message will be printed to the
+ standard output detailing the status of _\bs_\bu_\bd_\bo_\be_\br_\bs. If the
+ syntax check completes successfully, v\bvi\bis\bsu\bud\bdo\bo will exit with
+ a value of 0. If a syntax error is encountered, v\bvi\bis\bsu\bud\bdo\bo
+ will exit with a value of 1.
- -f Specify and alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With
- this option v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs
+ -f _\bs_\bu_\bd_\bo_\be_\br_\bs Specify and alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With this
+ option v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs file of your
+ choice, instead of the default, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock
+ file used is the specified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp"
+ appended to it.
+ -q Enable q\bqu\bui\bie\bet\bt mode. In this mode details about syntax
+ errors are not printed. This option is only useful when
-1.6.8p12 June, 20 2005 1
+1.7.4 July 14, 2010 1
-VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
- file of your choice, instead of the default,
- _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock file used is the specified
- _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp" appended to it.
- -q Enable q\bqu\bui\bie\bet\bt mode. In this mode details about syntax
- errors are not printed. This option is only useful
- when combined with the -\b-c\bc flag.
+ combined with the -\b-c\bc option.
- -s Enable s\bst\btr\bri\bic\bct\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an
- alias is used before it is defined, v\bvi\bis\bsu\bud\bdo\bo will con
- sider this a parse error. Note that it is not possi
- ble to differentiate between an alias and a hostname
- or username that consists solely of uppercase letters,
- digits, and the underscore ('_') character.
+ -s Enable s\bst\btr\bri\bic\bct\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an alias is
+ used before it is defined, v\bvi\bis\bsu\bud\bdo\bo will consider this a
+ parse error. Note that it is not possible to differentiate
+ between an alias and a host name or user name that consists
+ solely of uppercase letters, digits, and the underscore
+ ('_') character.
- -V The -\b-V\bV (version) option causes v\bvi\bis\bsu\bud\bdo\bo to print its
- version number and exit.
+ -V The -\b-V\bV (version) option causes v\bvi\bis\bsu\bud\bdo\bo to print its version
+ number and exit.
E\bEN\bNV\bVI\bIR\bRO\bON\bNM\bME\bEN\bNT\bT
- The following environment variables are used only if
- v\bvi\bis\bsu\bud\bdo\bo was configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option:
+ The following environment variables may be consulted depending on the
+ value of the _\be_\bd_\bi_\bt_\bo_\br and _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs variables:
- VISUAL Invoked by visudo as the editor to use
- EDITOR Used by visudo if VISUAL is not set
+ VISUAL Invoked by visudo as the editor to use
+
+ EDITOR Used by visudo if VISUAL is not set
F\bFI\bIL\bLE\bES\bS
- /etc/sudoers List of who can run what
- /etc/sudoers.tmp Lock file for visudo
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs List of who can run what
+
+ _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs_\b._\bt_\bm_\bp Lock file for visudo
D\bDI\bIA\bAG\bGN\bNO\bOS\bST\bTI\bIC\bCS\bS
sudoers file busy, try again later.
Can't find you in the passwd database
Your userid does not appear in the system passwd file.
- Warning: undeclared Alias referenced near ...
- Either you are using a {User,Runas,Host,Cmnd}_Alias
- before defining it or you have a user or hostname
- listed that consists solely of uppercase letters, dig
- its, and the underscore ('_') character. If the lat
- ter, you can ignore the warnings (s\bsu\bud\bdo\bo will not com
- plain). In -\b-s\bs (strict) mode these are errors, not
- warnings.
-
- Warning: runas_default set after old value is in use ...
- You have a _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt Defaults setting listed in
- the _\bs_\bu_\bd_\bo_\be_\br_\bs file after its value has already been
- used. This means that entries prior to the
- _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt setting will match based on the default
- value of _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt (root) whereas entries a\baf\bft\bte\ber\br
+ Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
+ Either you are trying to use an undeclare
+ {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
+ that consists solely of uppercase letters, digits, and the
+ underscore ('_') character. In the latter case, you can ignore the
+ warnings (s\bsu\bud\bdo\bo will not complain). In -\b-s\bs (strict) mode these are
+ errors, not warnings.
+ Warning: unused {User,Runas,Host,Cmnd}_Alias
+ The specified {User,Runas,Host,Cmnd}_Alias was defined but never
+ used. You may wish to comment out or remove the unused alias. In
+ -\b-s\bs (strict) mode this is an error, not a warning.
+S\bSE\bEE\bE A\bAL\bLS\bSO\bO
+ _\bv_\bi(1), _\bs_\bu_\bd_\bo_\be_\br_\bs(4), _\bs_\bu_\bd_\bo(1m), _\bv_\bi_\bp_\bw(8)
-1.6.8p12 June, 20 2005 2
+A\bAU\bUT\bTH\bHO\bOR\bR
+ Many people have worked on _\bs_\bu_\bd_\bo over the years; this version of v\bvi\bis\bsu\bud\bdo\bo
+ was written by:
+1.7.4 July 14, 2010 2
-VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
- the _\br_\bu_\bn_\ba_\bs_\b__\bd_\be_\bf_\ba_\bu_\bl_\bt setting will match based on the new
- value. This is usually unintentional and in most
- cases the <runas_default> setting should be placed
- before any Runas_Alias or User specifications. In -\b-s\bs
- (strict) mode this is an error, not a warning.
-S\bSE\bEE\bE A\bAL\bLS\bSO\bO
- _\bv_\bi(1), sudoers(4), sudo(1m), vipw(1m)
+VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
-A\bAU\bUT\bTH\bHO\bOR\bR
- Many people have worked on _\bs_\bu_\bd_\bo over the years; this ver
- sion of v\bvi\bis\bsu\bud\bdo\bo was written by:
Todd Miller
http://www.sudo.ws/sudo/history.html for more details.
C\bCA\bAV\bVE\bEA\bAT\bTS\bS
- There is no easy way to prevent a user from gaining a root
- shell if the editor used by v\bvi\bis\bsu\bud\bdo\bo allows shell escapes.
+ There is no easy way to prevent a user from gaining a root shell if the
+ editor used by v\bvi\bis\bsu\bud\bdo\bo allows shell escapes.
B\bBU\bUG\bGS\bS
- If you feel you have found a bug in v\bvi\bis\bsu\bud\bdo\bo, please submit
- a bug report at http://www.sudo.ws/sudo/bugs/
+ If you feel you have found a bug in v\bvi\bis\bsu\bud\bdo\bo, please submit a bug report
+ at http://www.sudo.ws/sudo/bugs/
S\bSU\bUP\bPP\bPO\bOR\bRT\bT
- Commercial support is available for s\bsu\bud\bdo\bo, see
- http://www.sudo.ws/sudo/support.html for details.
-
- Limited free support is available via the sudo-users mail
- ing list, see http://www.sudo.ws/mail
- man/listinfo/sudo-users to subscribe or search the
- archives.
+ Limited free support is available via the sudo-users mailing list, see
+ http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
+ the archives.
D\bDI\bIS\bSC\bCL\bLA\bAI\bIM\bME\bER\bR
- V\bVi\bis\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied
- warranties, including, but not limited to, the implied
- warranties of merchantability and fitness for a particular
- purpose are disclaimed. See the LICENSE file distributed
- with s\bsu\bud\bdo\bo or http://www.sudo.ws/sudo/license.html for com
- plete details.
+ v\bvi\bis\bsu\bud\bdo\bo is provided ``AS IS'' and any express or implied warranties,
+ including, but not limited to, the implied warranties of
+ merchantability and fitness for a particular purpose are disclaimed.
+ See the LICENSE file distributed with s\bsu\bud\bdo\bo or
+ http://www.sudo.ws/sudo/license.html for complete details.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-1.6.8p12 June, 20 2005 3
+1.7.4 July 14, 2010 3