--- embedaddon/sudo/doc/visudo.cat 2012/05/29 12:26:49 1.1.1.2 +++ embedaddon/sudo/doc/visudo.cat 2013/07/22 10:46:12 1.1.1.4 @@ -1,154 +1,147 @@ -VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) +VISUDO(1m) System Manager's Manual VISUDO(1m) - - NNAAMMEE - visudo - edit the sudoers file + vviissuuddoo - edit the sudoers file SSYYNNOOPPSSIISS - vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s] + vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s] DDEESSCCRRIIPPTTIIOONN - vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m). - vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, - provides basic sanity checks, and checks for parse errors. If the - _s_u_d_o_e_r_s file is currently being edited you will receive a message to - try again later. + vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to vipw(1m). + vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, + provides basic sanity checks, and checks for parse errors. If the + _s_u_d_o_e_r_s file is currently being edited you will receive a message to try + again later. - There is a hard-coded list of one or more editors that vviissuuddoo will use - set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s - Default variable. This list defaults to "vi". Normally, vviissuuddoo does - not honor the VISUAL or EDITOR environment variables unless they - contain an editor in the aforementioned editors list. However, if - vviissuuddoo is configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option or the - _e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the - editor defines by VISUAL or EDITOR. Note that this can be a security - hole since it allows the user to execute any program they wish simply - by setting VISUAL or EDITOR. + There is a hard-coded list of one or more editors that vviissuuddoo will use + set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s Default + variable. This list defaults to vi. Normally, vviissuuddoo does not honor the + VISUAL or EDITOR environment variables unless they contain an editor in + the aforementioned editors list. However, if vviissuuddoo is configured with + the --with-env-editor option or the _e_n_v___e_d_i_t_o_r Default variable is set in + _s_u_d_o_e_r_s, vviissuuddoo will use any the editor defines by VISUAL or EDITOR. + Note that this can be a security hole since it allows the user to execute + any program they wish simply by setting VISUAL or EDITOR. - vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the - changes if there is a syntax error. Upon finding an error, vviissuuddoo will - print a message stating the line number(s) where the error occurred and - the user will receive the "What now?" prompt. At this point the user - may enter "e" to re-edit the _s_u_d_o_e_r_s file, "x" to exit without saving - the changes, or "Q" to quit and save changes. The "Q" option should be - used with extreme care because if vviissuuddoo believes there to be a parse - error, so will ssuuddoo and no one will be able to ssuuddoo again until the - error is fixed. If "e" is typed to edit the _s_u_d_o_e_r_s file after a - parse error has been detected, the cursor will be placed on the line - where the error occurred (if the editor supports this feature). + vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the + changes if there is a syntax error. Upon finding an error, vviissuuddoo will + print a message stating the line number(s) where the error occurred and + the user will receive the ``What now?'' prompt. At this point the user + may enter `e' to re-edit the _s_u_d_o_e_r_s file, `x' to exit without saving the + changes, or `Q' to quit and save changes. The `Q' option should be used + with extreme care because if vviissuuddoo believes there to be a parse error, + so will ssuuddoo and no one will be able to ssuuddoo again until the error is + fixed. If `e' is typed to edit the _s_u_d_o_e_r_s file after a parse error has + been detected, the cursor will be placed on the line where the error + occurred (if the editor supports this feature). -OOPPTTIIOONNSS - vviissuuddoo accepts the following command line options: + The options are as follows: - -c Enable cchheecckk--oonnllyy mode. The existing _s_u_d_o_e_r_s file will be - checked for syntax errors, owner and mode. A message will - be printed to the standard output describing the status of - _s_u_d_o_e_r_s unless the --qq option was specified. If the check - completes successfully, vviissuuddoo will exit with a value of 0. - If an error is encountered, vviissuuddoo will exit with a value - of 1. + --cc Enable _c_h_e_c_k_-_o_n_l_y mode. The existing _s_u_d_o_e_r_s file will be + checked for syntax errors, owner and mode. A message will be + printed to the standard output describing the status of + _s_u_d_o_e_r_s unless the --qq option was specified. If the check + completes successfully, vviissuuddoo will exit with a value of 0. + If an error is encountered, vviissuuddoo will exit with a value of + 1. - -f _s_u_d_o_e_r_s Specify and alternate _s_u_d_o_e_r_s file location. With this - option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your - choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock - file used is the specified _s_u_d_o_e_r_s file with ".tmp" - appended to it. In cchheecckk--oonnllyy mode only, the argument to - --ff may be "-", indicating that _s_u_d_o_e_r_s will be read from - the standard input. + --ff _s_u_d_o_e_r_s Specify an alternate _s_u_d_o_e_r_s file location. With this option + vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your choice, + instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock file used is + the specified _s_u_d_o_e_r_s file with ``.tmp'' appended to it. In + _c_h_e_c_k_-_o_n_l_y mode only, the argument to --ff may be `-', + indicating that _s_u_d_o_e_r_s will be read from the standard input. - -h The --hh (_h_e_l_p) option causes vviissuuddoo to print a short help - message to the standard output and exit. + --hh The --hh (_h_e_l_p) option causes vviissuuddoo to print a short help + message to the standard output and exit. - -q Enable qquuiieett mode. In this mode details about syntax - errors are not printed. This option is only useful when - combined with the --cc option. + --qq Enable _q_u_i_e_t mode. In this mode details about syntax errors + are not printed. This option is only useful when combined + with the --cc option. - -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is - used before it is defined, vviissuuddoo will consider this a - parse error. Note that it is not possible to differentiate - between an alias and a host name or user name that consists - solely of uppercase letters, digits, and the underscore - ('_') character. + --ss Enable _s_t_r_i_c_t checking of the _s_u_d_o_e_r_s file. If an alias is + used before it is defined, vviissuuddoo will consider this a parse + error. Note that it is not possible to differentiate between + an alias and a host name or user name that consists solely of + uppercase letters, digits, and the underscore (`_') + character. - -V The --VV (version) option causes vviissuuddoo to print its version - number and exit. + --VV The --VV (_v_e_r_s_i_o_n) option causes vviissuuddoo to print its version + number and exit. EENNVVIIRROONNMMEENNTT - The following environment variables may be consulted depending on the - value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s variables: + The following environment variables may be consulted depending on the + value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s settings: - VISUAL Invoked by visudo as the editor to use + VISUAL Invoked by vviissuuddoo as the editor to use - EDITOR Used by visudo if VISUAL is not set + EDITOR Used by vviissuuddoo if VISUAL is not set FFIILLEESS - _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what + _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what - _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo + _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo DDIIAAGGNNOOSSTTIICCSS - sudoers file busy, try again later. + sudoers file busy, try again later. Someone else is currently editing the _s_u_d_o_e_r_s file. - /etc/sudoers.tmp: Permission denied + /etc/sudoers.tmp: Permission denied You didn't run vviissuuddoo as root. - Can't find you in the passwd database - Your userid does not appear in the system passwd file. + Can't find you in the passwd database + Your user ID does not appear in the system passwd file. - Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined - Either you are trying to use an undeclare + Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined + Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed that consists solely of uppercase letters, digits, and the - underscore ('_') character. In the latter case, you can ignore the + underscore (`_') character. In the latter case, you can ignore the warnings (ssuuddoo will not complain). In --ss (strict) mode these are errors, not warnings. - Warning: unused {User,Runas,Host,Cmnd}_Alias + Warning: unused {User,Runas,Host,Cmnd}_Alias The specified {User,Runas,Host,Cmnd}_Alias was defined but never used. You may wish to comment out or remove the unused alias. In --ss (strict) mode this is an error, not a warning. - Warning: cycle in {User,Runas,Host,Cmnd}_Alias + Warning: cycle in {User,Runas,Host,Cmnd}_Alias The specified {User,Runas,Host,Cmnd}_Alias includes a reference to itself, either directly or through an alias it includes. This is only a warning by default as ssuuddoo will ignore cycles when parsing the _s_u_d_o_e_r_s file. SSEEEE AALLSSOO - _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(1m) + vi(1), sudoers(4), sudo(1m), vipw(1m) -AAUUTTHHOORR - Many people have worked on ssuuddoo over the years; this version of vviissuuddoo - was written by: +AAUUTTHHOORRSS + Many people have worked on ssuuddoo over the years; this version consists of + code written primarily by: - Todd Miller + Todd C. Miller - See the CONTRIBUTORS file in the ssuuddoo distribution - (http://www.sudo.ws/sudo/contributors.html) for a list of people who - have contributed to ssuuddoo. + See the CONTRIBUTORS file in the ssuuddoo distribution + (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of + people who have contributed to ssuuddoo. CCAAVVEEAATTSS - There is no easy way to prevent a user from gaining a root shell if the - editor used by vviissuuddoo allows shell escapes. + There is no easy way to prevent a user from gaining a root shell if the + editor used by vviissuuddoo allows shell escapes. BBUUGGSS - If you feel you have found a bug in vviissuuddoo, please submit a bug report - at http://www.sudo.ws/sudo/bugs/ + If you feel you have found a bug in vviissuuddoo, please submit a bug report at + http://www.sudo.ws/sudo/bugs/ SSUUPPPPOORRTT - Limited free support is available via the sudo-users mailing list, see - http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search - the archives. + Limited free support is available via the sudo-users mailing list, see + http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the + archives. DDIISSCCLLAAIIMMEERR - vviissuuddoo is provided ``AS IS'' and any express or implied warranties, - including, but not limited to, the implied warranties of - merchantability and fitness for a particular purpose are disclaimed. - See the LICENSE file distributed with ssuuddoo or - http://www.sudo.ws/sudo/license.html for complete details. + vviissuuddoo is provided ``AS IS'' and any express or implied warranties, + including, but not limited to, the implied warranties of merchantability + and fitness for a particular purpose are disclaimed. See the LICENSE + file distributed with ssuuddoo or http://www.sudo.ws/sudo/license.html for + complete details. - - -1.8.5 March 14, 2012 VISUDO(1m) +Sudo 1.8.7 June 12, 2013 Sudo 1.8.7