-.\" Automatically generated by Pod::Man version 1.15
-.\" Thu Apr 25 09:34:54 2002
+.\" Copyright (c) 1996,1998-2005, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" Sponsored in part by the Defense Advanced Research Projects
+.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
+.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
+.\"
+.\" $Sudo: visudo.man.in,v 1.20.2.13 2007/11/02 19:15:16 millert Exp $
+.\" Automatically generated by Pod::Man v1.37, Pod::Parser v1.32
.\"
.\" Standard preamble:
-.\" ======================================================================
+.\" ========================================================================
.de Sh \" Subsection heading
.br
.if t .Sp
.if t .sp .5v
.if n .sp
..
-.de Ip \" List item
-.br
-.ie \\n(.$>=3 .ne \\$3
-.el .ne 3
-.IP "\\$1" \\$2
-..
.de Vb \" Begin verbatim text
.ft CW
.nf
..
.de Ve \" End verbatim text
.ft R
-
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. | will give a
-.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used
-.\" to do unbreakable dashes and therefore won't be available. \*(C` and
-.\" \*(C' expand to `' in nroff, nothing in troff, for use with C<>
+.\" real vertical bar. \*(C+ will give a nicer C++. Capital omega is used to
+.\" do unbreakable dashes and therefore won't be available. \*(C` and \*(C'
+.\" expand to `' in nroff, nothing in troff, for use with C<>.
.tr \(*W-|\(bv\*(Tr
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
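Review bot: the added license comment ends with a dangling fragment, "ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.", on the line right after "OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.", which already closes the disclaimer sentence. The fragment does not attach to any clause in the notice above it; drop that line so the header carries a clean license text.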
. ds R" ''
'br\}
.\"
-.\" If the F register is turned on, we'll generate index entries on stderr
-.\" for titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and
-.\" index entries marked with X<> in POD. Of course, you'll have to process
-.\" the output yourself in some meaningful fashion.
+.\" If the F register is turned on, we'll generate index entries on stderr for
+.\" titles (.TH), headers (.SH), subsections (.Sh), items (.Ip), and index
+.\" entries marked with X<> in POD. Of course, you'll have to process the
+.\" output yourself in some meaningful fashion.
.if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
. rr F
.\}
.\"
-.\" For nroff, turn off justification. Always turn off hyphenation; it
-.\" makes way too many mistakes in technical documents.
+.\" For nroff, turn off justification. Always turn off hyphenation; it makes
+.\" way too many mistakes in technical documents.
.hy 0
.if n .na
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear. Run. Save yourself. No user-serviceable parts.
-.bd B 3
. \" fudge factors for nroff and troff
.if n \{\
. ds #H 0
. ds Ae AE
.\}
.rm #[ #] #H #V #F C
-.\" ======================================================================
+.\" ========================================================================
.\"
-.IX Title "visudo @mansectsu@"
-.TH visudo @mansectsu@ "1.6.6" "April 25, 2002" "MAINTENANCE COMMANDS"
-.UC
+.IX Title "VISUDO @mansectsu@"
+.TH VISUDO @mansectsu@ "November 2, 2007" "1.6.9p8" "MAINTENANCE COMMANDS"
.SH "NAME"
visudo \- edit the sudoers file
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
-\&\fBvisudo\fR [ \fB\-c\fR ] [ \fB\-f\fR \fIsudoers\fR ] [ \fB\-q\fR ] [ \fB\-s\fR ] [ \fB\-V\fR ]
+\&\fBvisudo\fR [\fB\-c\fR] [\fB\-q\fR] [\fB\-s\fR] [\fB\-V\fR] [\fB\-f\fR \fIsudoers\fR]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
\&\fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on
your system, as determined by the \fIconfigure\fR script. Normally,
-\&\fBvisudo\fR does not honor the \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR environment
+\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
variables unless they contain an editor in the aforementioned editors
-list. However, if \fBvisudo\fR is configured with the \fI\*(--with-enveditor\fR
-flag or the \fIenveditor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
-\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR.
+list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR
+flag or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
+\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
Note that this can be a security hole since it allows the user to
-execute any program they wish simply by setting \f(CW\*(C`EDITOR\*(C'\fR or \f(CW\*(C`VISUAL\*(C'\fR.
+execute any program they wish simply by setting \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
.PP
\&\fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
not save the changes if there is a syntax error. Upon finding
-an error, \fBvisudo\fR will print a message stating the line \fInumber\fR\|(s)
+an error, \fBvisudo\fR will print a message stating the line number(s)
where the error occurred and the user will receive the
\&\*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
to re-edit the \fIsudoers\fR file, \*(L"x\*(R" to exit without
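Review bot: the configure flag is spelled \-\-with\-enveditor on the added DESCRIPTION line but \-\-with\-env\-editor in the ENVIRONMENT section added later in this patch. Only one spelling can match the configure script, and this paragraph is the one an administrator reads to decide whether VISUAL or EDITOR can make visudo run an arbitrary program as root, so the name needs to be exact. Since the sentence is being rewritten anyway, also fix the carried-over wording "will use any the editor defines by", which should read "will use any editor defined by".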
.SH "OPTIONS"
.IX Header "OPTIONS"
\&\fBvisudo\fR accepts the following command line options:
-.Ip "\-c" 4
+.IP "\-c" 4
.IX Item "-c"
Enable \fBcheck-only\fR mode. The existing \fIsudoers\fR file will be
checked for syntax and a message will be printed to the
If the syntax check completes successfully, \fBvisudo\fR will
exit with a value of 0. If a syntax error is encountered,
\&\fBvisudo\fR will exit with a value of 1.
-.Ip "\-f" 4
+.IP "\-f" 4
.IX Item "-f"
Specify and alternate \fIsudoers\fR file location. With this option
\&\fBvisudo\fR will edit (or check) the \fIsudoers\fR file of your choice,
-instead of the default, \f(CW@sysconfdir\fR@/sudoers. The lock file used
+instead of the default, \fI@sysconfdir@/sudoers\fR. The lock file used
is the specified \fIsudoers\fR file with \*(L".tmp\*(R" appended to it.
-.Ip "\-q" 4
+.IP "\-q" 4
.IX Item "-q"
Enable \fBquiet\fR mode. In this mode details about syntax errors
are not printed. This option is only useful when combined with
the \fB\-c\fR flag.
-.Ip "\-s" 4
+.IP "\-s" 4
.IX Item "-s"
Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is
used before it is defined, \fBvisudo\fR will consider this a parse
error. Note that it is not possible to differentiate between an
alias and a hostname or username that consists solely of uppercase
letters, digits, and the underscore ('_') character.
-.Ip "\-V" 4
+.IP "\-V" 4
.IX Item "-V"
The \fB\-V\fR (version) option causes \fBvisudo\fR to print its version number
and exit.
-.SH "ERRORS"
-.IX Header "ERRORS"
-.Ip "sudoers file busy, try again later." 4
+.SH "ENVIRONMENT"
+.IX Header "ENVIRONMENT"
+The following environment variables are used only if \fBvisudo\fR
+was configured with the \fI\-\-with\-env\-editor\fR option:
+.ie n .IP "\*(C`VISUAL\*(C'" 16
+.el .IP "\f(CW\*(C`VISUAL\*(C'\fR" 16
+.IX Item "VISUAL"
+Invoked by visudo as the editor to use
+.ie n .IP "\*(C`EDITOR\*(C'" 16
+.el .IP "\f(CW\*(C`EDITOR\*(C'\fR" 16
+.IX Item "EDITOR"
+Used by visudo if \s-1VISUAL\s0 is not set
+.SH "FILES"
+.IX Header "FILES"
+.ie n .IP "\fI@sysconfdir@/sudoers\fR\*(C` \*(C'List of who can run what" 4
+.el .IP "\fI@sysconfdir@/sudoers\fR\f(CW\*(C` \*(C'\fRList of who can run what" 4
+.IX Item "@sysconfdir@/sudoers List of who can run what"
+.PD 0
+.ie n .IP "\fI@sysconfdir@/sudoers.tmp\fR\*(C` \*(C'Lock file for visudo" 4
+.el .IP "\fI@sysconfdir@/sudoers.tmp\fR\f(CW\*(C` \*(C'\fRLock file for visudo" 4
+.IX Item "@sysconfdir@/sudoers.tmp Lock file for visudo"
+.PD
+.SH "DIAGNOSTICS"
+.IX Header "DIAGNOSTICS"
+.IP "sudoers file busy, try again later." 4
.IX Item "sudoers file busy, try again later."
Someone else is currently editing the \fIsudoers\fR file.
-.Ip "@sysconfdir@/sudoers.tmp: Permission denied" 4
+.IP "@sysconfdir@/sudoers.tmp: Permission denied" 4
.IX Item "@sysconfdir@/sudoers.tmp: Permission denied"
You didn't run \fBvisudo\fR as root.
-.Ip "Can't find you in the passwd database" 4
+.IP "Can't find you in the passwd database" 4
.IX Item "Can't find you in the passwd database"
Your userid does not appear in the system passwd file.
-.Ip "Warning: undeclared Alias referenced near ..." 4
+.IP "Warning: undeclared Alias referenced near ..." 4
.IX Item "Warning: undeclared Alias referenced near ..."
Either you are using a {User,Runas,Host,Cmnd}_Alias before
defining it or you have a user or hostname listed that
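Review bot: the new ENVIRONMENT section says VISUAL and EDITOR are used "only if visudo was configured with" the env-editor option, which contradicts DESCRIPTION. There the variables are also honored when the env_editor Defaults variable is set in sudoers, and when they name an editor already in the compiled-in editor list. Reword the ENVIRONMENT lead-in to cover all three cases, or point back to DESCRIPTION, so a reader auditing editor handling is not told the variables are ignored when they are not. Separately, the \-f item still reads "Specify and alternate"; since this hunk touches that paragraph, correct it to "Specify an alternate".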
underscore ('_') character. If the latter, you can ignore
the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict)
mode these are errors, not warnings.
-.SH "ENVIRONMENT"
-.IX Header "ENVIRONMENT"
-The following environment variables are used only if \fBvisudo\fR
-was configured with the \fI\*(--with-env-editor\fR option:
-.PP
-.Vb 2
-\& EDITOR Invoked by visudo as the editor to use
-\& VISUAL Used Invoked visudo if EDITOR is not set
-.Ve
-.SH "FILES"
-.IX Header "FILES"
-.Vb 2
-\& @sysconfdir@/sudoers List of who can run what
-\& @sysconfdir@/sudoers.tmp Lock file for visudo
-.Ve
+.IP "Warning: runas_default set after old value is in use ..." 4
+.IX Item "Warning: runas_default set after old value is in use ..."
+You have a \fIrunas_default\fR Defaults setting listed in the \fIsudoers\fR
+file after its value has already been used. This means that entries
+prior to the \fIrunas_default\fR setting will match based on the default
+value of \fIrunas_default\fR (\f(CW\*(C`@runas_default@\*(C'\fR) whereas entries
+\&\fBafter\fR the \fIrunas_default\fR setting will match based on the new
+value. This is usually unintentional and in most cases the
+<runas_default> setting should be placed before any \f(CW\*(C`Runas_Alias\*(C'\fR
+or User specifications. In \fB\-s\fR (strict) mode this is an error,
+not a warning.
+.SH "SEE ALSO"
+.IX Header "SEE ALSO"
+\&\fIvi\fR\|(1), \fIsudoers\fR\|(@mansectform@), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8)
.SH "AUTHOR"
.IX Header "AUTHOR"
Many people have worked on \fIsudo\fR over the years; this version of
\&\fBvisudo\fR was written by:
.PP
.Vb 1
-\& Todd Miller <Todd.Miller@courtesan.com>
+\& Todd Miller
.Ve
+.PP
See the \s-1HISTORY\s0 file in the sudo distribution or visit
http://www.sudo.ws/sudo/history.html for more details.
+.SH "CAVEATS"
+.IX Header "CAVEATS"
+There is no easy way to prevent a user from gaining a root shell if
+the editor used by \fBvisudo\fR allows shell escapes.
.SH "BUGS"
.IX Header "BUGS"
-If you feel you have found a bug in sudo, please submit a bug report
+If you feel you have found a bug in \fBvisudo\fR, please submit a bug report
at http://www.sudo.ws/sudo/bugs/
+.SH "SUPPORT"
+.IX Header "SUPPORT"
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo\-users to subscribe or
+search the archives.
.SH "DISCLAIMER"
.IX Header "DISCLAIMER"
-\&\fBVisudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
+\&\fBvisudo\fR is provided ``\s-1AS\s0 \s-1IS\s0'' and any express or implied warranties,
including, but not limited to, the implied warranties of merchantability
-and fitness for a particular purpose are disclaimed.
-See the \s-1LICENSE\s0 file distributed with \fBsudo\fR for complete details.
-.SH "CAVEATS"
-.IX Header "CAVEATS"
-There is no easy way to prevent a user from gaining a root shell if
-the editor used by \fBvisudo\fR allows shell escapes.
-.SH "SEE ALSO"
-.IX Header "SEE ALSO"
-\&\fIvi\fR\|(1), \fIsudo\fR\|(@mansectsu@), \fIvipw\fR\|(8).
+and fitness for a particular purpose are disclaimed. See the \s-1LICENSE\s0
+file distributed with \fBsudo\fR or http://www.sudo.ws/sudo/license.html
+for complete details.
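Review bot: in the added runas_default diagnostic, the line "<runas_default> setting should be placed before any" carries literal angle brackets, while every other mention in the same paragraph is \fIrunas_default\fR. This looks like a POD formatting code that lost its leading I in the source; fix it there and regenerate so the rendered page shows the italic name instead of "<runas_default>".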