Annotation of embedaddon/sudo/doc/visudo.cat, revision 1.1.1.2
1.1 misho 1: VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
2:
3:
4:
5: NNAAMMEE
6: visudo - edit the sudoers file
7:
8: SSYYNNOOPPSSIISS
9: vviissuuddoo [--cchhqqssVV] [--ff _s_u_d_o_e_r_s]
10:
11: DDEESSCCRRIIPPTTIIOONN
12: vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m).
13: vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits,
14: provides basic sanity checks, and checks for parse errors. If the
15: _s_u_d_o_e_r_s file is currently being edited you will receive a message to
16: try again later.
17:
18: There is a hard-coded list of one or more editors that vviissuuddoo will use
19: set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s
20: Default variable. This list defaults to "vi". Normally, vviissuuddoo does
21: not honor the VISUAL or EDITOR environment variables unless they
22: contain an editor in the aforementioned editors list. However, if
23: vviissuuddoo is configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option or the
24: _e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the
25: editor defines by VISUAL or EDITOR. Note that this can be a security
26: hole since it allows the user to execute any program they wish simply
27: by setting VISUAL or EDITOR.
28:
29: vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the
30: changes if there is a syntax error. Upon finding an error, vviissuuddoo will
31: print a message stating the line number(s) where the error occurred and
32: the user will receive the "What now?" prompt. At this point the user
33: may enter "e" to re-edit the _s_u_d_o_e_r_s file, "x" to exit without saving
34: the changes, or "Q" to quit and save changes. The "Q" option should be
35: used with extreme care because if vviissuuddoo believes there to be a parse
36: error, so will ssuuddoo and no one will be able to ssuuddoo again until the
37: error is fixed. If "e" is typed to edit the _s_u_d_o_e_r_s file after a
38: parse error has been detected, the cursor will be placed on the line
39: where the error occurred (if the editor supports this feature).
40:
41: OOPPTTIIOONNSS
42: vviissuuddoo accepts the following command line options:
43:
44: -c Enable cchheecckk--oonnllyy mode. The existing _s_u_d_o_e_r_s file will be
1.1.1.2 ! misho 45: checked for syntax errors, owner and mode. A message will
! 46: be printed to the standard output describing the status of
! 47: _s_u_d_o_e_r_s unless the --qq option was specified. If the check
! 48: completes successfully, vviissuuddoo will exit with a value of 0.
! 49: If an error is encountered, vviissuuddoo will exit with a value
! 50: of 1.
1.1 misho 51:
52: -f _s_u_d_o_e_r_s Specify and alternate _s_u_d_o_e_r_s file location. With this
53: option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your
54: choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock
55: file used is the specified _s_u_d_o_e_r_s file with ".tmp"
56: appended to it. In cchheecckk--oonnllyy mode only, the argument to
57: --ff may be "-", indicating that _s_u_d_o_e_r_s will be read from
58: the standard input.
59:
60: -h The --hh (_h_e_l_p) option causes vviissuuddoo to print a short help
61: message to the standard output and exit.
62:
63: -q Enable qquuiieett mode. In this mode details about syntax
64: errors are not printed. This option is only useful when
65: combined with the --cc option.
66:
67: -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is
68: used before it is defined, vviissuuddoo will consider this a
69: parse error. Note that it is not possible to differentiate
70: between an alias and a host name or user name that consists
71: solely of uppercase letters, digits, and the underscore
72: ('_') character.
73:
74: -V The --VV (version) option causes vviissuuddoo to print its version
75: number and exit.
76:
77: EENNVVIIRROONNMMEENNTT
78: The following environment variables may be consulted depending on the
79: value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s variables:
80:
81: VISUAL Invoked by visudo as the editor to use
82:
83: EDITOR Used by visudo if VISUAL is not set
84:
85: FFIILLEESS
86: _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what
87:
88: _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo
89:
90: DDIIAAGGNNOOSSTTIICCSS
91: sudoers file busy, try again later.
92: Someone else is currently editing the _s_u_d_o_e_r_s file.
93:
94: /etc/sudoers.tmp: Permission denied
95: You didn't run vviissuuddoo as root.
96:
97: Can't find you in the passwd database
98: Your userid does not appear in the system passwd file.
99:
100: Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
101: Either you are trying to use an undeclare
102: {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
103: that consists solely of uppercase letters, digits, and the
104: underscore ('_') character. In the latter case, you can ignore the
105: warnings (ssuuddoo will not complain). In --ss (strict) mode these are
106: errors, not warnings.
107:
108: Warning: unused {User,Runas,Host,Cmnd}_Alias
109: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
110: used. You may wish to comment out or remove the unused alias. In
111: --ss (strict) mode this is an error, not a warning.
112:
113: Warning: cycle in {User,Runas,Host,Cmnd}_Alias
114: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
115: itself, either directly or through an alias it includes. This is
116: only a warning by default as ssuuddoo will ignore cycles when parsing
117: the _s_u_d_o_e_r_s file.
118:
119: SSEEEE AALLSSOO
120: _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(1m)
121:
122: AAUUTTHHOORR
1.1.1.2 ! misho 123: Many people have worked on ssuuddoo over the years; this version of vviissuuddoo
1.1 misho 124: was written by:
125:
126: Todd Miller
127:
1.1.1.2 ! misho 128: See the CONTRIBUTORS file in the ssuuddoo distribution
! 129: (http://www.sudo.ws/sudo/contributors.html) for a list of people who
! 130: have contributed to ssuuddoo.
1.1 misho 131:
132: CCAAVVEEAATTSS
133: There is no easy way to prevent a user from gaining a root shell if the
134: editor used by vviissuuddoo allows shell escapes.
135:
136: BBUUGGSS
137: If you feel you have found a bug in vviissuuddoo, please submit a bug report
138: at http://www.sudo.ws/sudo/bugs/
139:
140: SSUUPPPPOORRTT
141: Limited free support is available via the sudo-users mailing list, see
142: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
143: the archives.
144:
145: DDIISSCCLLAAIIMMEERR
146: vviissuuddoo is provided ``AS IS'' and any express or implied warranties,
147: including, but not limited to, the implied warranties of
148: merchantability and fitness for a particular purpose are disclaimed.
149: See the LICENSE file distributed with ssuuddoo or
150: http://www.sudo.ws/sudo/license.html for complete details.
151:
152:
153:
1.1.1.2 ! misho 154: 1.8.5 March 14, 2012 VISUDO(1m)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>