-=cut
-Copyright (c) 1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. The name of the author may not be used to endorse or promote products
- derived from this software without specific prior written permission
- from the author.
-
-4. Products derived from this software may not be called "Sudo" nor
- may "Sudo" appear in their names without specific prior written
- permission from the author.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+Copyright (c) 1996,1998-2005, 2007-2010
+ Todd C. Miller <Todd.Miller@courtesan.com>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-$Sudo: visudo.pod,v 1.28 2002/01/12 22:55:01 millert Exp $
+Sponsored in part by the Defense Advanced Research Projects
+Agency (DARPA) and Air Force Research Laboratory, Air Force
+Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
=pod
=head1 NAME
=head1 SYNOPSIS
-B<visudo> [ B<-c> ] [ B<-f> I<sudoers> ] [ B<-q> ] [ B<-s> ] [ B<-V> ]
+B<visudo> [B<-c>] [B<-q>] [B<-s>] [B<-V>] [B<-f> I<sudoers>]
=head1 DESCRIPTION
B<visudo> edits the I<sudoers> file in a safe fashion, analogous to
-vipw(8). B<visudo> locks the I<sudoers> file against multiple
+L<vipw(8)>. B<visudo> locks the I<sudoers> file against multiple
simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the I<sudoers> file is currently being
edited you will receive a message to try again later.
-There is a hard-coded list of editors that B<visudo> will use set
-at compile-time that may be overridden via the I<editor> I<sudoers>
-C<Default> variable. This list defaults to the path to vi(1) on
-your system, as determined by the I<configure> script. Normally,
-B<visudo> does not honor the C<EDITOR> or C<VISUAL> environment
+There is a hard-coded list of one or more editors that B<visudo> will
+use set at compile-time that may be overridden via the I<editor> I<sudoers>
+C<Default> variable. This list defaults to C<"@editor@">. Normally,
+B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment
variables unless they contain an editor in the aforementioned editors
-list. However, if B<visudo> is configured with the I<--with-enveditor>
-flag or the I<enveditor> C<Default> variable is set in I<sudoers>,
-B<visudo> will use any the editor defines by C<EDITOR> or C<VISUAL>.
+list. However, if B<visudo> is configured with the I<--with-env-editor>
+option or the I<env_editor> C<Default> variable is set in I<sudoers>,
+B<visudo> will use any the editor defines by C<VISUAL> or C<EDITOR>.
Note that this can be a security hole since it allows the user to
-execute any program they wish simply by setting C<EDITOR> or C<VISUAL>.
+execute any program they wish simply by setting C<VISUAL> or C<EDITOR>.
B<visudo> parses the I<sudoers> file after the edit and will
not save the changes if there is a syntax error. Upon finding
B<visudo> accepts the following command line options:
-=over 4
+=over 12
=item -c
exit with a value of 0. If a syntax error is encountered,
B<visudo> will exit with a value of 1.
-=item -f
+=item -f I<sudoers>
Specify and alternate I<sudoers> file location. With this option
B<visudo> will edit (or check) the I<sudoers> file of your choice,
-instead of the default, @sysconfdir@/sudoers. The lock file used
+instead of the default, F<@sysconfdir@/sudoers>. The lock file used
is the specified I<sudoers> file with ".tmp" appended to it.
=item -q
Enable B<quiet> mode. In this mode details about syntax errors
are not printed. This option is only useful when combined with
-the B<-c> flag.
+the B<-c> option.
=item -s
Enable B<strict> checking of the I<sudoers> file. If an alias is
used before it is defined, B<visudo> will consider this a parse
error. Note that it is not possible to differentiate between an
-alias and a hostname or username that consists solely of uppercase
+alias and a host name or user name that consists solely of uppercase
letters, digits, and the underscore ('_') character.
=item -V
=back
-=head1 ERRORS
+=head1 ENVIRONMENT
+
+The following environment variables may be consulted depending on
+the value of the I<editor> and I<env_editor> I<sudoers> variables:
+
+=over 16
+
+=item C<VISUAL>
+
+Invoked by visudo as the editor to use
+
+=item C<EDITOR>
+
+Used by visudo if VISUAL is not set
+
+=back
+
+=head1 FILES
+
+=over 24
+
+=item F<@sysconfdir@/sudoers>
+
+List of who can run what
+
+=item F<@sysconfdir@/sudoers.tmp>
+
+Lock file for visudo
+
+=back
+
+=head1 DIAGNOSTICS
=over 4
Your userid does not appear in the system passwd file.
-=item Warning: undeclared Alias referenced near ...
+=item Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
-Either you are using a {User,Runas,Host,Cmnd}_Alias before
-defining it or you have a user or hostname listed that
-consists solely of uppercase letters, digits, and the
-underscore ('_') character. If the latter, you can ignore
-the warnings (B<sudo> will not complain). In B<-s> (strict)
-mode these are errors, not warnings.
+Either you are trying to use an undeclare {User,Runas,Host,Cmnd}_Alias
+or you have a user or host name listed that consists solely of
+uppercase letters, digits, and the underscore ('_') character. In
+the latter case, you can ignore the warnings (B<sudo> will not
+complain). In B<-s> (strict) mode these are errors, not warnings.
-=back
-
-=head1 ENVIRONMENT
+=item Warning: unused {User,Runas,Host,Cmnd}_Alias
-The following environment variables are used only if B<visudo>
-was configured with the I<--with-env-editor> option:
+The specified {User,Runas,Host,Cmnd}_Alias was defined but never
+used. You may wish to comment out or remove the unused alias. In
+B<-s> (strict) mode this is an error, not a warning.
- EDITOR Invoked by visudo as the editor to use
- VISUAL Used Invoked visudo if EDITOR is not set
+=back
-=head1 FILES
+=head1 SEE ALSO
- @sysconfdir@/sudoers List of who can run what
- @sysconfdir@/sudoers.tmp Lock file for visudo
+L<vi(1)>, L<sudoers(5)>, L<sudo(8)>, L<vipw(8)>
=head1 AUTHOR
Many people have worked on I<sudo> over the years; this version of
B<visudo> was written by:
- Todd Miller <Todd.Miller@courtesan.com>
+ Todd Miller
See the HISTORY file in the sudo distribution or visit
http://www.sudo.ws/sudo/history.html for more details.
-=head1 BUGS
+=head1 CAVEATS
-If you feel you have found a bug in sudo, please submit a bug report
-at http://www.sudo.ws/sudo/bugs/
+There is no easy way to prevent a user from gaining a root shell if
+the editor used by B<visudo> allows shell escapes.
-=head1 DISCLAIMER
+=head1 BUGS
-B<Visudo> is provided ``AS IS'' and any express or implied warranties,
-including, but not limited to, the implied warranties of merchantability
-and fitness for a particular purpose are disclaimed.
-See the LICENSE file distributed with B<sudo> for complete details.
+If you feel you have found a bug in B<visudo>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
-=head1 CAVEATS
+=head1 SUPPORT
-There is no easy way to prevent a user from gaining a root shell if
-the editor used by B<visudo> allows shell escapes.
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
-=head1 SEE ALSO
+=head1 DISCLAIMER
-vi(1), sudo(8), vipw(8).
+B<visudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed. See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.