1: VISUDO(1m) System Manager's Manual VISUDO(1m)
2:
3: N�NA�AM�ME�E
4: v�vi�is�su�ud�do�o - edit the sudoers file
5:
6: S�SY�YN�NO�OP�PS�SI�IS�S
7: v�vi�is�su�ud�do�o [-�-c�ch�hq�qs�sV�V] [-�-f�f _�s_�u_�d_�o_�e_�r_�s]
8:
9: D�DE�ES�SC�CR�RI�IP�PT�TI�IO�ON�N
10: v�vi�is�su�ud�do�o edits the _�s_�u_�d_�o_�e_�r_�s file in a safe fashion, analogous to vipw(1m).
11: v�vi�is�su�ud�do�o locks the _�s_�u_�d_�o_�e_�r_�s file against multiple simultaneous edits,
12: provides basic sanity checks, and checks for parse errors. If the
13: _�s_�u_�d_�o_�e_�r_�s file is currently being edited you will receive a message to try
14: again later.
15:
16: There is a hard-coded list of one or more editors that v�vi�is�su�ud�do�o will use
17: set at compile-time that may be overridden via the _�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s Default
18: variable. This list defaults to vi. Normally, v�vi�is�su�ud�do�o does not honor the
19: VISUAL or EDITOR environment variables unless they contain an editor in
20: the aforementioned editors list. However, if v�vi�is�su�ud�do�o is configured with
21: the --with-env-editor option or the _�e_�n_�v_�__�e_�d_�i_�t_�o_�r Default variable is set in
22: _�s_�u_�d_�o_�e_�r_�s, v�vi�is�su�ud�do�o will use any the editor defines by VISUAL or EDITOR.
23: Note that this can be a security hole since it allows the user to execute
24: any program they wish simply by setting VISUAL or EDITOR.
25:
26: v�vi�is�su�ud�do�o parses the _�s_�u_�d_�o_�e_�r_�s file after the edit and will not save the
27: changes if there is a syntax error. Upon finding an error, v�vi�is�su�ud�do�o will
28: print a message stating the line number(s) where the error occurred and
29: the user will receive the ``What now?'' prompt. At this point the user
30: may enter `e' to re-edit the _�s_�u_�d_�o_�e_�r_�s file, `x' to exit without saving the
31: changes, or `Q' to quit and save changes. The `Q' option should be used
32: with extreme care because if v�vi�is�su�ud�do�o believes there to be a parse error,
33: so will s�su�ud�do�o and no one will be able to s�su�ud�do�o again until the error is
34: fixed. If `e' is typed to edit the _�s_�u_�d_�o_�e_�r_�s file after a parse error has
35: been detected, the cursor will be placed on the line where the error
36: occurred (if the editor supports this feature).
37:
38: The options are as follows:
39:
40: -�-c�c Enable _�c_�h_�e_�c_�k_�-_�o_�n_�l_�y mode. The existing _�s_�u_�d_�o_�e_�r_�s file will be
41: checked for syntax errors, owner and mode. A message will be
42: printed to the standard output describing the status of
43: _�s_�u_�d_�o_�e_�r_�s unless the -�-q�q option was specified. If the check
44: completes successfully, v�vi�is�su�ud�do�o will exit with a value of 0.
45: If an error is encountered, v�vi�is�su�ud�do�o will exit with a value of
46: 1.
47:
48: -�-f�f _�s_�u_�d_�o_�e_�r_�s Specify and alternate _�s_�u_�d_�o_�e_�r_�s file location. With this
49: option v�vi�is�su�ud�do�o will edit (or check) the _�s_�u_�d_�o_�e_�r_�s file of your
50: choice, instead of the default, _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s. The lock file
51: used is the specified _�s_�u_�d_�o_�e_�r_�s file with ``.tmp'' appended to
52: it. In _�c_�h_�e_�c_�k_�-_�o_�n_�l_�y mode only, the argument to -�-f�f may be `-',
53: indicating that _�s_�u_�d_�o_�e_�r_�s will be read from the standard input.
54:
55: -�-h�h The -�-h�h (_�h_�e_�l_�p) option causes v�vi�is�su�ud�do�o to print a short help
56: message to the standard output and exit.
57:
58: -�-q�q Enable _�q_�u_�i_�e_�t mode. In this mode details about syntax errors
59: are not printed. This option is only useful when combined
60: with the -�-c�c option.
61:
62: -�-s�s Enable _�s_�t_�r_�i_�c_�t checking of the _�s_�u_�d_�o_�e_�r_�s file. If an alias is
63: used before it is defined, v�vi�is�su�ud�do�o will consider this a parse
64: error. Note that it is not possible to differentiate between
65: an alias and a host name or user name that consists solely of
66: uppercase letters, digits, and the underscore (`_')
67: character.
68:
69: -�-V�V The -�-V�V (_�v_�e_�r_�s_�i_�o_�n) option causes v�vi�is�su�ud�do�o to print its version
70: number and exit.
71:
72: E�EN�NV�VI�IR�RO�ON�NM�ME�EN�NT�T
73: The following environment variables may be consulted depending on the
74: value of the _�e_�d_�i_�t_�o_�r and _�e_�n_�v_�__�e_�d_�i_�t_�o_�r _�s_�u_�d_�o_�e_�r_�s settings:
75:
76: VISUAL Invoked by v�vi�is�su�ud�do�o as the editor to use
77:
78: EDITOR Used by v�vi�is�su�ud�do�o if VISUAL is not set
79:
80: F�FI�IL�LE�ES�S
81: _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s List of who can run what
82:
83: _�/_�e_�t_�c_�/_�s_�u_�d_�o_�e_�r_�s_�._�t_�m_�p Lock file for visudo
84:
85: D�DI�IA�AG�GN�NO�OS�ST�TI�IC�CS�S
86: sudoers file busy, try again later.
87: Someone else is currently editing the _�s_�u_�d_�o_�e_�r_�s file.
88:
89: /etc/sudoers.tmp: Permission denied
90: You didn't run v�vi�is�su�ud�do�o as root.
91:
92: Can't find you in the passwd database
93: Your user ID does not appear in the system passwd file.
94:
95: Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
96: Either you are trying to use an undeclared
97: {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
98: that consists solely of uppercase letters, digits, and the
99: underscore (`_') character. In the latter case, you can ignore the
100: warnings (s�su�ud�do�o will not complain). In -�-s�s (strict) mode these are
101: errors, not warnings.
102:
103: Warning: unused {User,Runas,Host,Cmnd}_Alias
104: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
105: used. You may wish to comment out or remove the unused alias. In
106: -�-s�s (strict) mode this is an error, not a warning.
107:
108: Warning: cycle in {User,Runas,Host,Cmnd}_Alias
109: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
110: itself, either directly or through an alias it includes. This is
111: only a warning by default as s�su�ud�do�o will ignore cycles when parsing
112: the _�s_�u_�d_�o_�e_�r_�s file.
113:
114: S�SE�EE�E A�AL�LS�SO�O
115: vi(1), sudoers(4), sudo(1m), vipw(1m)
116:
117: A�AU�UT�TH�HO�OR�RS�S
118: Many people have worked on s�su�ud�do�o over the years; this version consists of
119: code written primarily by:
120:
121: Todd C. Miller
122:
123: See the CONTRIBUTORS file in the s�su�ud�do�o distribution
124: (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
125: people who have contributed to s�su�ud�do�o.
126:
127: C�CA�AV�VE�EA�AT�TS�S
128: There is no easy way to prevent a user from gaining a root shell if the
129: editor used by v�vi�is�su�ud�do�o allows shell escapes.
130:
131: B�BU�UG�GS�S
132: If you feel you have found a bug in v�vi�is�su�ud�do�o, please submit a bug report at
133: http://www.sudo.ws/sudo/bugs/
134:
135: S�SU�UP�PP�PO�OR�RT�T
136: Limited free support is available via the sudo-users mailing list, see
137: http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
138: archives.
139:
140: D�DI�IS�SC�CL�LA�AI�IM�ME�ER�R
141: v�vi�is�su�ud�do�o is provided ``AS IS'' and any express or implied warranties,
142: including, but not limited to, the implied warranties of merchantability
143: and fitness for a particular purpose are disclaimed. See the LICENSE
144: file distributed with s�su�ud�do�o or http://www.sudo.ws/sudo/license.html for
145: complete details.
146:
147: Sudo 1.8.6 July 12, 2012 Sudo 1.8.6
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to visudo.cat CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc