|
version 1.1.1.1, 2012/02/21 16:23:02
|
version 1.1.1.3, 2012/10/09 09:29:52
|
|
Line 1
|
Line 1
|
| VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) | VISUDO(1m) System Manager's Manual VISUDO(1m) |
| |
|
| |
|
| |
|
| N�NA�AM�ME�E |
N�NA�AM�ME�E |
| visudo - edit the sudoers file | v�vi�is�su�ud�do�o - edit the sudoers file |
| |
|
| S�SY�YN�NO�OP�PS�SI�IS�S |
S�SY�YN�NO�OP�PS�SI�IS�S |
| v�vi�is�su�ud�do�o [-�-c�ch�hq�qs�sV�V] [-�-f�f _�s_�u_�d_�o_�e_�r_�s] | v�vi�is�su�ud�do�o [-�-c�ch�hq�qs�sV�V] [-�-f�f _�s_�u_�d_�o_�e_�r_�s] |
| |
|
| D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N |
D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N |
| v�vi�is�su�ud�do�o edits the _�s_�u_�d_�o_�e_�r_�s file in a safe fashion, analogous to _�v_�i_�p_�w(1m). | v�vi�is�su�ud�do�o edits the _�s_�u_�d_�o_�e_�r_�s file in a safe fashion, analogous to vipw(1m). |
| v�vi�is�su�ud�do�o locks the _�s_�u_�d_�o_�e_�r_�s file against multiple simultaneous edits, | v�vi�is�su�ud�do�o locks the _�s_�u_�d_�o_�e_�r_�s file against multiple simultaneous edits, |
| provides basic sanity checks, and checks for parse errors. If the | provides basic sanity checks, and checks for parse errors. If the |
| _�s_�u_�d_�o_�e_�r_�s file is currently being edited you will receive a message to | _�s_�u_�d_�o_�e_�r_�s file is currently being edited you will receive a message to try |
| try again later. | again later. |
| |
|
| There is a hard-coded list of one or more editors that v�vi�is�su�ud�do�o will use | There is a hard-coded list of one or more editors that v�vi�is�su�ud�do�o will use |
| set at compile-time that may be overridden via the _�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s | set at compile-time that may be overridden via the _�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s Default |
| Default variable. This list defaults to "vi". Normally, v�vi�is�su�ud�do�o does | variable. This list defaults to vi. Normally, v�vi�is�su�ud�do�o does not honor the |
| not honor the VISUAL or EDITOR environment variables unless they | VISUAL or EDITOR environment variables unless they contain an editor in |
| contain an editor in the aforementioned editors list. However, if | the aforementioned editors list. However, if v�vi�is�su�ud�do�o is configured with |
| v�vi�is�su�ud�do�o is configured with the _�-_�-_�w_�i_�t_�h_�-_�e_�n_�v_�-_�e_�d_�i_�t_�o_�r option or the | the --with-env-editor option or the _�e_�n_�v_�__�e_�d_�i_�t_�o_�r Default variable is set in |
| _�e_�n_�v_�__�e_�d_�i_�t_�o_�r Default variable is set in _�s_�u_�d_�o_�e_�r_�s, v�vi�is�su�ud�do�o will use any the | _�s_�u_�d_�o_�e_�r_�s, v�vi�is�su�ud�do�o will use any the editor defines by VISUAL or EDITOR. |
| editor defines by VISUAL or EDITOR. Note that this can be a security | Note that this can be a security hole since it allows the user to execute |
| hole since it allows the user to execute any program they wish simply | any program they wish simply by setting VISUAL or EDITOR. |
| by setting VISUAL or EDITOR. | |
| |
|
| v�vi�is�su�ud�do�o parses the _�s_�u_�d_�o_�e_�r_�s file after the edit and will not save the | v�vi�is�su�ud�do�o parses the _�s_�u_�d_�o_�e_�r_�s file after the edit and will not save the |
| changes if there is a syntax error. Upon finding an error, v�vi�is�su�ud�do�o will | changes if there is a syntax error. Upon finding an error, v�vi�is�su�ud�do�o will |
| print a message stating the line number(s) where the error occurred and | print a message stating the line number(s) where the error occurred and |
| the user will receive the "What now?" prompt. At this point the user | the user will receive the ``What now?'' prompt. At this point the user |
| may enter "e" to re-edit the _�s_�u_�d_�o_�e_�r_�s file, "x" to exit without saving | may enter `e' to re-edit the _�s_�u_�d_�o_�e_�r_�s file, `x' to exit without saving the |
| the changes, or "Q" to quit and save changes. The "Q" option should be | changes, or `Q' to quit and save changes. The `Q' option should be used |
| used with extreme care because if v�vi�is�su�ud�do�o believes there to be a parse | with extreme care because if v�vi�is�su�ud�do�o believes there to be a parse error, |
| error, so will s�su�ud�do�o and no one will be able to s�su�ud�do�o again until the | so will s�su�ud�do�o and no one will be able to s�su�ud�do�o again until the error is |
| error is fixed. If "e" is typed to edit the _�s_�u_�d_�o_�e_�r_�s file after a | fixed. If `e' is typed to edit the _�s_�u_�d_�o_�e_�r_�s file after a parse error has |
| parse error has been detected, the cursor will be placed on the line | been detected, the cursor will be placed on the line where the error |
| where the error occurred (if the editor supports this feature). | occurred (if the editor supports this feature). |
| |
|
| O�OP�PT�TI�IO�ON�NS�S | The options are as follows: |
| v�vi�is�su�ud�do�o accepts the following command line options: | |
| |
|
| -c Enable c�ch�he�ec�ck�k-�-o�on�nl�ly�y mode. The existing _�s_�u_�d_�o_�e_�r_�s file will be | -�-c�c Enable _�c_�h_�e_�c_�k_�-_�o_�n_�l_�y mode. The existing _�s_�u_�d_�o_�e_�r_�s file will be |
| checked for syntax and a message will be printed to the | checked for syntax errors, owner and mode. A message will be |
| standard output detailing the status of _�s_�u_�d_�o_�e_�r_�s. If the | printed to the standard output describing the status of |
| syntax check completes successfully, v�vi�is�su�ud�do�o will exit with | _�s_�u_�d_�o_�e_�r_�s unless the -�-q�q option was specified. If the check |
| a value of 0. If a syntax error is encountered, v�vi�is�su�ud�do�o | completes successfully, v�vi�is�su�ud�do�o will exit with a value of 0. |
| will exit with a value of 1. | If an error is encountered, v�vi�is�su�ud�do�o will exit with a value of |
| | 1. |
| |
|
| -f _�s_�u_�d_�o_�e_�r_�s Specify and alternate _�s_�u_�d_�o_�e_�r_�s file location. With this | -�-f�f _�s_�u_�d_�o_�e_�r_�s Specify and alternate _�s_�u_�d_�o_�e_�r_�s file location. With this |
| option v�vi�is�su�ud�do�o will edit (or check) the _�s_�u_�d_�o_�e_�r_�s file of your | option v�vi�is�su�ud�do�o will edit (or check) the _�s_�u_�d_�o_�e_�r_�s file of your |
| choice, instead of the default, _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s. The lock | choice, instead of the default, _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s. The lock file |
| file used is the specified _�s_�u_�d_�o_�e_�r_�s file with ".tmp" | used is the specified _�s_�u_�d_�o_�e_�r_�s file with ``.tmp'' appended to |
| appended to it. In c�ch�he�ec�ck�k-�-o�on�nl�ly�y mode only, the argument to | it. In _�c_�h_�e_�c_�k_�-_�o_�n_�l_�y mode only, the argument to -�-f�f may be `-', |
| -�-f�f may be "-", indicating that _�s_�u_�d_�o_�e_�r_�s will be read from | indicating that _�s_�u_�d_�o_�e_�r_�s will be read from the standard input. |
| the standard input. | |
| |
|
| -h The -�-h�h (_�h_�e_�l_�p) option causes v�vi�is�su�ud�do�o to print a short help | -�-h�h The -�-h�h (_�h_�e_�l_�p) option causes v�vi�is�su�ud�do�o to print a short help |
| message to the standard output and exit. | message to the standard output and exit. |
| |
|
| -q Enable q�qu�ui�ie�et�t mode. In this mode details about syntax | -�-q�q Enable _�q_�u_�i_�e_�t mode. In this mode details about syntax errors |
| errors are not printed. This option is only useful when | are not printed. This option is only useful when combined |
| combined with the -�-c�c option. | with the -�-c�c option. |
| |
|
| -s Enable s�st�tr�ri�ic�ct�t checking of the _�s_�u_�d_�o_�e_�r_�s file. If an alias is | -�-s�s Enable _�s_�t_�r_�i_�c_�t checking of the _�s_�u_�d_�o_�e_�r_�s file. If an alias is |
| used before it is defined, v�vi�is�su�ud�do�o will consider this a | used before it is defined, v�vi�is�su�ud�do�o will consider this a parse |
| parse error. Note that it is not possible to differentiate | error. Note that it is not possible to differentiate between |
| between an alias and a host name or user name that consists | an alias and a host name or user name that consists solely of |
| solely of uppercase letters, digits, and the underscore | uppercase letters, digits, and the underscore (`_') |
| ('_') character. | character. |
| |
|
| -V The -�-V�V (version) option causes v�vi�is�su�ud�do�o to print its version | -�-V�V The -�-V�V (_�v_�e_�r_�s_�i_�o_�n) option causes v�vi�is�su�ud�do�o to print its version |
| number and exit. | number and exit. |
| |
|
| E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T |
E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T |
| The following environment variables may be consulted depending on the | The following environment variables may be consulted depending on the |
| value of the _�e_�d_�i_�t_�o_�r and _�e_�n_�v_�__�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s variables: | value of the _�e_�d_�i_�t_�o_�r and _�e_�n_�v_�__�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s settings: |
| |
|
| VISUAL Invoked by visudo as the editor to use | VISUAL Invoked by v�vi�is�su�ud�do�o as the editor to use |
| |
|
| EDITOR Used by visudo if VISUAL is not set | EDITOR Used by v�vi�is�su�ud�do�o if VISUAL is not set |
| |
|
| F�FI�IL�LE�ES�S |
F�FI�IL�LE�ES�S |
| _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s List of who can run what | _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s List of who can run what |
| |
|
| _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s_�._�t_�m_�p Lock file for visudo | _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s_�._�t_�m_�p Lock file for visudo |
| |
|
| D�DI�IA�AG�GN�NO�OS�ST�TI�IC�CS�S |
D�DI�IA�AG�GN�NO�OS�ST�TI�IC�CS�S |
| sudoers file busy, try again later. | sudoers file busy, try again later. |
| Someone else is currently editing the _�s_�u_�d_�o_�e_�r_�s file. |
Someone else is currently editing the _�s_�u_�d_�o_�e_�r_�s file. |
| |
|
| /etc/sudoers.tmp: Permission denied | /etc/sudoers.tmp: Permission denied |
| You didn't run v�vi�is�su�ud�do�o as root. |
You didn't run v�vi�is�su�ud�do�o as root. |
| |
|
| Can't find you in the passwd database | Can't find you in the passwd database |
| Your userid does not appear in the system passwd file. | Your user ID does not appear in the system passwd file. |
| |
|
| Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined | Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined |
| Either you are trying to use an undeclare | Either you are trying to use an undeclared |
| {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed |
{User,Runas,Host,Cmnd}_Alias or you have a user or host name listed |
| that consists solely of uppercase letters, digits, and the |
that consists solely of uppercase letters, digits, and the |
| underscore ('_') character. In the latter case, you can ignore the | underscore (`_') character. In the latter case, you can ignore the |
| warnings (s�su�ud�do�o will not complain). In -�-s�s (strict) mode these are |
warnings (s�su�ud�do�o will not complain). In -�-s�s (strict) mode these are |
| errors, not warnings. |
errors, not warnings. |
| |
|
| Warning: unused {User,Runas,Host,Cmnd}_Alias | Warning: unused {User,Runas,Host,Cmnd}_Alias |
| The specified {User,Runas,Host,Cmnd}_Alias was defined but never |
The specified {User,Runas,Host,Cmnd}_Alias was defined but never |
| used. You may wish to comment out or remove the unused alias. In |
used. You may wish to comment out or remove the unused alias. In |
| -�-s�s (strict) mode this is an error, not a warning. |
-�-s�s (strict) mode this is an error, not a warning. |
| |
|
| Warning: cycle in {User,Runas,Host,Cmnd}_Alias | Warning: cycle in {User,Runas,Host,Cmnd}_Alias |
| The specified {User,Runas,Host,Cmnd}_Alias includes a reference to |
The specified {User,Runas,Host,Cmnd}_Alias includes a reference to |
| itself, either directly or through an alias it includes. This is |
itself, either directly or through an alias it includes. This is |
| only a warning by default as s�su�ud�do�o will ignore cycles when parsing |
only a warning by default as s�su�ud�do�o will ignore cycles when parsing |
| the _�s_�u_�d_�o_�e_�r_�s file. |
the _�s_�u_�d_�o_�e_�r_�s file. |
| |
|
| S�SE�EE�E A�AL�LS�SO�O |
S�SE�EE�E A�AL�LS�SO�O |
| _�v_�i(1), _�s_�u_�d_�o_�e_�r_�s(4), _�s_�u_�d_�o(1m), _�v_�i_�p_�w(1m) | vi(1), sudoers(4), sudo(1m), vipw(1m) |
| |
|
| A�AU�UT�TH�HO�OR�R | A�AU�UT�TH�HO�OR�RS�S |
| Many people have worked on _�s_�u_�d_�o over the years; this version of v�vi�is�su�ud�do�o | Many people have worked on s�su�ud�do�o over the years; this version consists of |
| was written by: | code written primarily by: |
| |
|
| Todd Miller | Todd C. Miller |
| |
|
| See the HISTORY file in the sudo distribution or visit | See the CONTRIBUTORS file in the s�su�ud�do�o distribution |
| http://www.sudo.ws/sudo/history.html for more details. | (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of |
| | people who have contributed to s�su�ud�do�o. |
| |
|
| C�CA�AV�VE�EA�AT�TS�S |
C�CA�AV�VE�EA�AT�TS�S |
| There is no easy way to prevent a user from gaining a root shell if the | There is no easy way to prevent a user from gaining a root shell if the |
| editor used by v�vi�is�su�ud�do�o allows shell escapes. | editor used by v�vi�is�su�ud�do�o allows shell escapes. |
| |
|
| B�BU�UG�GS�S |
B�BU�UG�GS�S |
| If you feel you have found a bug in v�vi�is�su�ud�do�o, please submit a bug report | If you feel you have found a bug in v�vi�is�su�ud�do�o, please submit a bug report at |
| at http://www.sudo.ws/sudo/bugs/ | http://www.sudo.ws/sudo/bugs/ |
| |
|
| S�SU�UP�PP�PO�OR�RT�T |
S�SU�UP�PP�PO�OR�RT�T |
| Limited free support is available via the sudo-users mailing list, see | Limited free support is available via the sudo-users mailing list, see |
| http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search | http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the |
| the archives. | archives. |
| |
|
| D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R |
D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R |
| v�vi�is�su�ud�do�o is provided ``AS IS'' and any express or implied warranties, | v�vi�is�su�ud�do�o is provided ``AS IS'' and any express or implied warranties, |
| including, but not limited to, the implied warranties of | including, but not limited to, the implied warranties of merchantability |
| merchantability and fitness for a particular purpose are disclaimed. | and fitness for a particular purpose are disclaimed. See the LICENSE |
| See the LICENSE file distributed with s�su�ud�do�o or | file distributed with s�su�ud�do�o or http://www.sudo.ws/sudo/license.html for |
| http://www.sudo.ws/sudo/license.html for complete details. | complete details. |
| |
|
| Sudo 1.8.6 July 12, 2012 Sudo 1.8.6 |
| |
| 1.8.3 September 16, 2011 VISUDO(1m) | |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to visudo.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc