Annotation of embedaddon/sudo/doc/visudo.cat, revision 1.1.1.1
1.1 misho 1: VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
2:
3:
4:
5: NNAAMMEE
6: visudo - edit the sudoers file
7:
8: SSYYNNOOPPSSIISS
9: vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s]
10:
11: DDEESSCCRRIIPPTTIIOONN
12: vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m).
13: vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits,
14: provides basic sanity checks, and checks for parse errors. If the
15: _s_u_d_o_e_r_s file is currently being edited you will receive a message to
16: try again later.
17:
18: There is a hard-coded list of one or more editors that vviissuuddoo will use
19: set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s
20: Default variable. This list defaults to "vi". Normally, vviissuuddoo does
21: not honor the VISUAL or EDITOR environment variables unless they
22: contain an editor in the aforementioned editors list. However, if
23: vviissuuddoo is configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option or the
24: _e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the
25: editor defines by VISUAL or EDITOR. Note that this can be a security
26: hole since it allows the user to execute any program they wish simply
27: by setting VISUAL or EDITOR.
28:
29: vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the
30: changes if there is a syntax error. Upon finding an error, vviissuuddoo will
31: print a message stating the line number(s) where the error occurred and
32: the user will receive the "What now?" prompt. At this point the user
33: may enter "e" to re-edit the _s_u_d_o_e_r_s file, "x" to exit without saving
34: the changes, or "Q" to quit and save changes. The "Q" option should be
35: used with extreme care because if vviissuuddoo believes there to be a parse
36: error, so will ssuuddoo and no one will be able to ssuuddoo again until the
37: error is fixed. If "e" is typed to edit the _s_u_d_o_e_r_s file after a
38: parse error has been detected, the cursor will be placed on the line
39: where the error occurred (if the editor supports this feature).
40:
41: OOPPTTIIOONNSS
42: vviissuuddoo accepts the following command line options:
43:
44: -c Enable cchheecckk--oonnllyy mode. The existing _s_u_d_o_e_r_s file will be
45: checked for syntax and a message will be printed to the
46: standard output detailing the status of _s_u_d_o_e_r_s. If the
47: syntax check completes successfully, vviissuuddoo will exit with
48: a value of 0. If a syntax error is encountered, vviissuuddoo
49: will exit with a value of 1.
50:
51: -f _s_u_d_o_e_r_s Specify and alternate _s_u_d_o_e_r_s file location. With this
52: option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your
53: choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock
54: file used is the specified _s_u_d_o_e_r_s file with ".tmp"
55: appended to it. In cchheecckk--oonnllyy mode only, the argument to
56: --ff may be "-", indicating that _s_u_d_o_e_r_s will be read from
57: the standard input.
58:
59: -h The --hh (_h_e_l_p) option causes vviissuuddoo to print a short help
60: message to the standard output and exit.
61:
62: -q Enable qquuiieett mode. In this mode details about syntax
63: errors are not printed. This option is only useful when
64: combined with the --cc option.
65:
66: -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is
67: used before it is defined, vviissuuddoo will consider this a
68: parse error. Note that it is not possible to differentiate
69: between an alias and a host name or user name that consists
70: solely of uppercase letters, digits, and the underscore
71: ('_') character.
72:
73: -V The --VV (version) option causes vviissuuddoo to print its version
74: number and exit.
75:
76: EENNVVIIRROONNMMEENNTT
77: The following environment variables may be consulted depending on the
78: value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s variables:
79:
80: VISUAL Invoked by visudo as the editor to use
81:
82: EDITOR Used by visudo if VISUAL is not set
83:
84: FFIILLEESS
85: _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
86:
87: _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo
88:
89: DDIIAAGGNNOOSSTTIICCSS
90: sudoers file busy, try again later.
91: Someone else is currently editing the _s_u_d_o_e_r_s file.
92:
93: /etc/sudoers.tmp: Permission denied
94: You didn't run vviissuuddoo as root.
95:
96: Can't find you in the passwd database
97: Your userid does not appear in the system passwd file.
98:
99: Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
100: Either you are trying to use an undeclare
101: {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
102: that consists solely of uppercase letters, digits, and the
103: underscore ('_') character. In the latter case, you can ignore the
104: warnings (ssuuddoo will not complain). In --ss (strict) mode these are
105: errors, not warnings.
106:
107: Warning: unused {User,Runas,Host,Cmnd}_Alias
108: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
109: used. You may wish to comment out or remove the unused alias. In
110: --ss (strict) mode this is an error, not a warning.
111:
112: Warning: cycle in {User,Runas,Host,Cmnd}_Alias
113: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
114: itself, either directly or through an alias it includes. This is
115: only a warning by default as ssuuddoo will ignore cycles when parsing
116: the _s_u_d_o_e_r_s file.
117:
118: SSEEEE AALLSSOO
119: _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(1m)
120:
121: AAUUTTHHOORR
122: Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo
123: was written by:
124:
125: Todd Miller
126:
127: See the HISTORY file in the sudo distribution or visit
128: http://www.sudo.ws/sudo/history.html for more details.
129:
130: CCAAVVEEAATTSS
131: There is no easy way to prevent a user from gaining a root shell if the
132: editor used by vviissuuddoo allows shell escapes.
133:
134: BBUUGGSS
135: If you feel you have found a bug in vviissuuddoo, please submit a bug report
136: at http://www.sudo.ws/sudo/bugs/
137:
138: SSUUPPPPOORRTT
139: Limited free support is available via the sudo-users mailing list, see
140: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
141: the archives.
142:
143: DDIISSCCLLAAIIMMEERR
144: vviissuuddoo is provided ``AS IS'' and any express or implied warranties,
145: including, but not limited to, the implied warranties of
146: merchantability and fitness for a particular purpose are disclaimed.
147: See the LICENSE file distributed with ssuuddoo or
148: http://www.sudo.ws/sudo/license.html for complete details.
149:
150:
151:
152: 1.8.3 September 16, 2011 VISUDO(1m)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>