-=cut
-Copyright (c) 1996,1998-2002 Todd C. Miller <Todd.Miller@courtesan.com>
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
-
-3. The name of the author may not be used to endorse or promote products
- derived from this software without specific prior written permission
- from the author.
-
-4. Products derived from this software may not be called "Sudo" nor
- may "Sudo" appear in their names without specific prior written
- permission from the author.
-
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
-THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+Copyright (c) 1996,1998-2005, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
+
+Permission to use, copy, modify, and distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-$Sudo: visudo.pod,v 1.28 2002/01/12 22:55:01 millert Exp $
+Sponsored in part by the Defense Advanced Research Projects
+Agency (DARPA) and Air Force Research Laboratory, Air Force
+Materiel Command, USAF, under agreement number F39502-99-1-0512.
+
+$Sudo: visudo.pod,v 1.38.2.10 2008/02/19 15:45:12 millert Exp $
=pod
=head1 NAME
=head1 SYNOPSIS
-B<visudo> [ B<-c> ] [ B<-f> I<sudoers> ] [ B<-q> ] [ B<-s> ] [ B<-V> ]
+B<visudo> [B<-c>] [B<-q>] [B<-s>] [B<-V>] [B<-f> I<sudoers>]
=head1 DESCRIPTION
B<visudo> edits the I<sudoers> file in a safe fashion, analogous to
-vipw(8). B<visudo> locks the I<sudoers> file against multiple
+L<vipw(8)>. B<visudo> locks the I<sudoers> file against multiple
simultaneous edits, provides basic sanity checks, and checks
for parse errors. If the I<sudoers> file is currently being
edited you will receive a message to try again later.
There is a hard-coded list of editors that B<visudo> will use set
at compile-time that may be overridden via the I<editor> I<sudoers>
-C<Default> variable. This list defaults to the path to vi(1) on
+C<Default> variable. This list defaults to the path to L<vi(1)> on
your system, as determined by the I<configure> script. Normally,
-B<visudo> does not honor the C<EDITOR> or C<VISUAL> environment
+B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment
variables unless they contain an editor in the aforementioned editors
list. However, if B<visudo> is configured with the I<--with-enveditor>
-flag or the I<enveditor> C<Default> variable is set in I<sudoers>,
-B<visudo> will use any the editor defines by C<EDITOR> or C<VISUAL>.
+flag or the I<env_editor> C<Default> variable is set in I<sudoers>,
+B<visudo> will use any the editor defines by C<VISUAL> or C<EDITOR>.
Note that this can be a security hole since it allows the user to
-execute any program they wish simply by setting C<EDITOR> or C<VISUAL>.
+execute any program they wish simply by setting C<VISUAL> or C<EDITOR>.
B<visudo> parses the I<sudoers> file after the edit and will
not save the changes if there is a syntax error. Upon finding
Specify and alternate I<sudoers> file location. With this option
B<visudo> will edit (or check) the I<sudoers> file of your choice,
-instead of the default, @sysconfdir@/sudoers. The lock file used
+instead of the default, F<@sysconfdir@/sudoers>. The lock file used
is the specified I<sudoers> file with ".tmp" appended to it.
=item -q
=back
-=head1 ERRORS
+=head1 ENVIRONMENT
+
+The following environment variables are used only if B<visudo>
+was configured with the I<--with-env-editor> option:
+
+=over 16
+
+=item C<VISUAL>
+
+Invoked by visudo as the editor to use
+
+=item C<EDITOR>
+
+Used by visudo if VISUAL is not set
+
+=back
+
+=head1 FILES
+
+=over 24
+
+=item F<@sysconfdir@/sudoers>
+
+List of who can run what
+
+=item F<@sysconfdir@/sudoers.tmp>
+
+Lock file for visudo
+
+=back
+
+=head1 DIAGNOSTICS
=over 4
the warnings (B<sudo> will not complain). In B<-s> (strict)
mode these are errors, not warnings.
-=back
+=item Warning: runas_default set after old value is in use ...
-=head1 ENVIRONMENT
-
-The following environment variables are used only if B<visudo>
-was configured with the I<--with-env-editor> option:
+You have a I<runas_default> Defaults setting listed in the I<sudoers>
+file after its value has already been used. This means that entries
+prior to the I<runas_default> setting will match based on the default
+value of I<runas_default> (C<@runas_default@>) whereas entries
+B<after> the I<runas_default> setting will match based on the new
+value. This is usually unintentional and in most cases the
+<runas_default> setting should be placed before any C<Runas_Alias>
+or User specifications. In B<-s> (strict) mode this is an error,
+not a warning.
- EDITOR Invoked by visudo as the editor to use
- VISUAL Used Invoked visudo if EDITOR is not set
+=back
-=head1 FILES
+=head1 SEE ALSO
- @sysconfdir@/sudoers List of who can run what
- @sysconfdir@/sudoers.tmp Lock file for visudo
+L<vi(1)>, L<sudoers(5)>, L<sudo(8)>, L<vipw(8)>
=head1 AUTHOR
Many people have worked on I<sudo> over the years; this version of
B<visudo> was written by:
- Todd Miller <Todd.Miller@courtesan.com>
+ Todd Miller
See the HISTORY file in the sudo distribution or visit
http://www.sudo.ws/sudo/history.html for more details.
-=head1 BUGS
+=head1 CAVEATS
-If you feel you have found a bug in sudo, please submit a bug report
-at http://www.sudo.ws/sudo/bugs/
+There is no easy way to prevent a user from gaining a root shell if
+the editor used by B<visudo> allows shell escapes.
-=head1 DISCLAIMER
+=head1 BUGS
-B<Visudo> is provided ``AS IS'' and any express or implied warranties,
-including, but not limited to, the implied warranties of merchantability
-and fitness for a particular purpose are disclaimed.
-See the LICENSE file distributed with B<sudo> for complete details.
+If you feel you have found a bug in B<visudo>, please submit a bug report
+at http://www.sudo.ws/sudo/bugs/
-=head1 CAVEATS
+=head1 SUPPORT
-There is no easy way to prevent a user from gaining a root shell if
-the editor used by B<visudo> allows shell escapes.
+Limited free support is available via the sudo-users mailing list,
+see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
+search the archives.
-=head1 SEE ALSO
+=head1 DISCLAIMER
-vi(1), sudo(8), vipw(8).
+B<visudo> is provided ``AS IS'' and any express or implied warranties,
+including, but not limited to, the implied warranties of merchantability
+and fitness for a particular purpose are disclaimed. See the LICENSE
+file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
+for complete details.
projects / debian / sudo / blobdiff