1: VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
2:
3:
4:
5: N�NA�AM�ME�E
6: visudo - edit the sudoers file
7:
8: S�SY�YN�NO�OP�PS�SI�IS�S
9: v�vi�is�su�ud�do�o [-�-c�ch�hq�qs�sV�V] [-�-f�f _�s_�u_�d_�o_�e_�r_�s]
10:
11: D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
12: v�vi�is�su�ud�do�o edits the _�s_�u_�d_�o_�e_�r_�s file in a safe fashion, analogous to _�v_�i_�p_�w(1m).
13: v�vi�is�su�ud�do�o locks the _�s_�u_�d_�o_�e_�r_�s file against multiple simultaneous edits,
14: provides basic sanity checks, and checks for parse errors. If the
15: _�s_�u_�d_�o_�e_�r_�s file is currently being edited you will receive a message to
16: try again later.
17:
18: There is a hard-coded list of one or more editors that v�vi�is�su�ud�do�o will use
19: set at compile-time that may be overridden via the _�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s
20: Default variable. This list defaults to "vi". Normally, v�vi�is�su�ud�do�o does
21: not honor the VISUAL or EDITOR environment variables unless they
22: contain an editor in the aforementioned editors list. However, if
23: v�vi�is�su�ud�do�o is configured with the _�-_�-_�w_�i_�t_�h_�-_�e_�n_�v_�-_�e_�d_�i_�t_�o_�r option or the
24: _�e_�n_�v_�__�e_�d_�i_�t_�o_�r Default variable is set in _�s_�u_�d_�o_�e_�r_�s, v�vi�is�su�ud�do�o will use any the
25: editor defines by VISUAL or EDITOR. Note that this can be a security
26: hole since it allows the user to execute any program they wish simply
27: by setting VISUAL or EDITOR.
28:
29: v�vi�is�su�ud�do�o parses the _�s_�u_�d_�o_�e_�r_�s file after the edit and will not save the
30: changes if there is a syntax error. Upon finding an error, v�vi�is�su�ud�do�o will
31: print a message stating the line number(s) where the error occurred and
32: the user will receive the "What now?" prompt. At this point the user
33: may enter "e" to re-edit the _�s_�u_�d_�o_�e_�r_�s file, "x" to exit without saving
34: the changes, or "Q" to quit and save changes. The "Q" option should be
35: used with extreme care because if v�vi�is�su�ud�do�o believes there to be a parse
36: error, so will s�su�ud�do�o and no one will be able to s�su�ud�do�o again until the
37: error is fixed. If "e" is typed to edit the _�s_�u_�d_�o_�e_�r_�s file after a
38: parse error has been detected, the cursor will be placed on the line
39: where the error occurred (if the editor supports this feature).
40:
41: O�OP�PT�TI�IO�ON�NS�S
42: v�vi�is�su�ud�do�o accepts the following command line options:
43:
44: -c Enable c�ch�he�ec�ck�k-�-o�on�nl�ly�y mode. The existing _�s_�u_�d_�o_�e_�r_�s file will be
45: checked for syntax errors, owner and mode. A message will
46: be printed to the standard output describing the status of
47: _�s_�u_�d_�o_�e_�r_�s unless the -�-q�q option was specified. If the check
48: completes successfully, v�vi�is�su�ud�do�o will exit with a value of 0.
49: If an error is encountered, v�vi�is�su�ud�do�o will exit with a value
50: of 1.
51:
52: -f _�s_�u_�d_�o_�e_�r_�s Specify and alternate _�s_�u_�d_�o_�e_�r_�s file location. With this
53: option v�vi�is�su�ud�do�o will edit (or check) the _�s_�u_�d_�o_�e_�r_�s file of your
54: choice, instead of the default, _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s. The lock
55: file used is the specified _�s_�u_�d_�o_�e_�r_�s file with ".tmp"
56: appended to it. In c�ch�he�ec�ck�k-�-o�on�nl�ly�y mode only, the argument to
57: -�-f�f may be "-", indicating that _�s_�u_�d_�o_�e_�r_�s will be read from
58: the standard input.
59:
60: -h The -�-h�h (_�h_�e_�l_�p) option causes v�vi�is�su�ud�do�o to print a short help
61: message to the standard output and exit.
62:
63: -q Enable q�qu�ui�ie�et�t mode. In this mode details about syntax
64: errors are not printed. This option is only useful when
65: combined with the -�-c�c option.
66:
67: -s Enable s�st�tr�ri�ic�ct�t checking of the _�s_�u_�d_�o_�e_�r_�s file. If an alias is
68: used before it is defined, v�vi�is�su�ud�do�o will consider this a
69: parse error. Note that it is not possible to differentiate
70: between an alias and a host name or user name that consists
71: solely of uppercase letters, digits, and the underscore
72: ('_') character.
73:
74: -V The -�-V�V (version) option causes v�vi�is�su�ud�do�o to print its version
75: number and exit.
76:
77: E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T
78: The following environment variables may be consulted depending on the
79: value of the _�e_�d_�i_�t_�o_�r and _�e_�n_�v_�__�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s variables:
80:
81: VISUAL Invoked by visudo as the editor to use
82:
83: EDITOR Used by visudo if VISUAL is not set
84:
85: F�FI�IL�LE�ES�S
86: _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s List of who can run what
87:
88: _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s_�._�t_�m_�p Lock file for visudo
89:
90: D�DI�IA�AG�GN�NO�OS�ST�TI�IC�CS�S
91: sudoers file busy, try again later.
92: Someone else is currently editing the _�s_�u_�d_�o_�e_�r_�s file.
93:
94: /etc/sudoers.tmp: Permission denied
95: You didn't run v�vi�is�su�ud�do�o as root.
96:
97: Can't find you in the passwd database
98: Your userid does not appear in the system passwd file.
99:
100: Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
101: Either you are trying to use an undeclare
102: {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
103: that consists solely of uppercase letters, digits, and the
104: underscore ('_') character. In the latter case, you can ignore the
105: warnings (s�su�ud�do�o will not complain). In -�-s�s (strict) mode these are
106: errors, not warnings.
107:
108: Warning: unused {User,Runas,Host,Cmnd}_Alias
109: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
110: used. You may wish to comment out or remove the unused alias. In
111: -�-s�s (strict) mode this is an error, not a warning.
112:
113: Warning: cycle in {User,Runas,Host,Cmnd}_Alias
114: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
115: itself, either directly or through an alias it includes. This is
116: only a warning by default as s�su�ud�do�o will ignore cycles when parsing
117: the _�s_�u_�d_�o_�e_�r_�s file.
118:
119: S�SE�EE�E A�AL�LS�SO�O
120: _�v_�i(1), _�s_�u_�d_�o_�e_�r_�s(4), _�s_�u_�d_�o(1m), _�v_�i_�p_�w(1m)
121:
122: A�AU�UT�TH�HO�OR�R
123: Many people have worked on s�su�ud�do�o over the years; this version of v�vi�is�su�ud�do�o
124: was written by:
125:
126: Todd Miller
127:
128: See the CONTRIBUTORS file in the s�su�ud�do�o distribution
129: (http://www.sudo.ws/sudo/contributors.html) for a list of people who
130: have contributed to s�su�ud�do�o.
131:
132: C�CA�AV�VE�EA�AT�TS�S
133: There is no easy way to prevent a user from gaining a root shell if the
134: editor used by v�vi�is�su�ud�do�o allows shell escapes.
135:
136: B�BU�UG�GS�S
137: If you feel you have found a bug in v�vi�is�su�ud�do�o, please submit a bug report
138: at http://www.sudo.ws/sudo/bugs/
139:
140: S�SU�UP�PP�PO�OR�RT�T
141: Limited free support is available via the sudo-users mailing list, see
142: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search
143: the archives.
144:
145: D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
146: v�vi�is�su�ud�do�o is provided ``AS IS'' and any express or implied warranties,
147: including, but not limited to, the implied warranties of
148: merchantability and fitness for a particular purpose are disclaimed.
149: See the LICENSE file distributed with s�su�ud�do�o or
150: http://www.sudo.ws/sudo/license.html for complete details.
151:
152:
153:
154: 1.8.5 March 14, 2012 VISUDO(1m)
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to visudo.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc