File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc / visudo.cat
Revision 1.1.1.6 (vendor branch)
Sun Jun 15 16:12:54 2014 UTC by misho
Branches: sudo, MAIN
CVS tags: v1_8_10p3_0, v1_8_10p3, HEAD
sudo v 1.8.10p3

VISUDO(1m)                   System Manager's Manual                  VISUDO(1m)

NAME
     visudo - edit the sudoers file

SYNOPSIS
     visudo [-chqsV] [-f sudoers] [-x file]

DESCRIPTION
     visudo edits the sudoers file in a safe fashion, analogous to vipw(1m).
     visudo locks the sudoers file against multiple simultaneous edits,
     provides basic sanity checks, and checks for parse errors.  If the
     sudoers file is currently being edited you will receive a message to try
     again later.

     There is a hard-coded list of one or more editors that visudo will use
     set at compile-time that may be overridden via the editor sudoers Default
     variable.  This list defaults to vi.  Normally, visudo does not honor the
     VISUAL or EDITOR environment variables unless they contain an editor in
     the aforementioned editors list.  However, if visudo is configured with
     the --with-env-editor option or the env_editor Default variable is set in
     sudoers, visudo will use any editor defined by VISUAL or EDITOR.
     Note that this can be a security hole since it allows the user to execute
     any program they wish simply by setting VISUAL or EDITOR.

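A way to audit a policy for the editor settings described above. This is an added example, not part of the sudo distribution; the function names, the allowed-editor list and the sample policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the sudo distribution): flag Defaults lines that
# change which editor visudo will run. Line-based; continuation lines and
# included files are not followed.

# Constructed sample policy.
sample_sudoers() {
    cat <<'EOF'
# local policy
Defaults env_reset, editor=/usr/bin/vi
Defaults:alice env_editor
Defaults !env_editor
Defaults editor=/usr/bin/vi:/usr/bin/emacs
alice ALL=(ALL) ALL
EOF
}

# audit_editor_defaults [ALLOWED]
# ALLOWED: colon-separated editors the site accepts (assumed site policy).
# Reads sudoers text on stdin, prints "<line>:<setting>:<detail>" findings.
audit_editor_defaults() {
    awk -v allowed="${1:-/usr/bin/vi}" '
    BEGIN { n = split(allowed, a, ":"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^[ \t]*Defaults/ {
        rest = $0
        # Drop the keyword and any :user or @host scope attached to it.
        sub(/^[ \t]*Defaults[^ \t]*[ \t]+/, "", rest)
        m = split(rest, opt, ",")
        for (i = 1; i <= m; i++) {
            o = opt[i]
            gsub(/^[ \t]+|[ \t]+$/, "", o)
            if (o == "env_editor") {
                print NR ":env_editor:VISUAL/EDITOR accepted as-is"
            } else if (o ~ /^editor=/) {
                sub(/^editor=/, "", o)
                gsub(/"/, "", o)
                k = split(o, ed, ":")
                for (j = 1; j <= k; j++)
                    if (!(ed[j] in ok))
                        print NR ":editor:" ed[j] " not in allowed list"
            }
        }
    }'
}

sample_sudoers | audit_editor_defaults /usr/bin/vi
```

A negated setting such as "Defaults !env_editor" is not reported, since it keeps the restriction in place.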
     visudo parses the sudoers file after the edit and will not save the
     changes if there is a syntax error.  Upon finding an error, visudo will
     print a message stating the line number(s) where the error occurred and
     the user will receive the ``What now?'' prompt.  At this point the user
     may enter `e' to re-edit the sudoers file, `x' to exit without saving the
     changes, or `Q' to quit and save changes.  The `Q' option should be used
     with extreme care because if visudo believes there to be a parse error,
     so will sudo and no one will be able to sudo again until the error is
     fixed.  If `e' is typed to edit the sudoers file after a parse error has
     been detected, the cursor will be placed on the line where the error
     occurred (if the editor supports this feature).

     The options are as follows:

     -c, --check
                 Enable check-only mode.  The existing sudoers file will be
                 checked for syntax errors, owner and mode.  A message will be
                 printed to the standard output describing the status of
                 sudoers unless the -q option was specified.  If the check
                 completes successfully, visudo will exit with a value of 0.
                 If an error is encountered, visudo will exit with a value of
                 1.

     -f sudoers, --file=sudoers
                 Specify an alternate sudoers file location.  With this
                 option, visudo will edit (or check) the sudoers file of your
                 choice, instead of the default, /etc/sudoers.  The lock file
                 used is the specified sudoers file with ``.tmp'' appended to
                 it.  In check-only mode only, the argument to -f may be `-',
                 indicating that sudoers will be read from the standard input.

     -h, --help  Display a short help message to the standard output and exit.

     -q, --quiet
                 Enable quiet mode.  In this mode details about syntax errors
                 are not printed.  This option is only useful when combined
                 with the -c option.

     -s, --strict
                 Enable strict checking of the sudoers file.  If an alias is
                 used before it is defined, visudo will consider this a parse
                 error.  Note that it is not possible to differentiate between
                 an alias and a host name or user name that consists solely of
                 uppercase letters, digits, and the underscore (`_')
                 character.

     -V, --version
                 Print the visudo and sudoers grammar versions and exit.

     -x file, --export=file
                 Export sudoers in JSON format and write it to file.  If file
                 is `-', the exported sudoers policy will be written to the
                 standard output.  The exported format is intended to be
                 easier for third-party applications to parse than the
                 traditional sudoers format.  The various values have explicit
                 types which removes much of the ambiguity of the sudoers
                 format.

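The -c, -q, -s and -f options combine into a gate that lets a generated policy file reach its destination only when check-only mode exits 0. This is an added example, not part of the sudo distribution; the function name, the VISUDO override variable and the 0440 file mode are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the sudo distribution): install a sudoers file only
# after visudo check-only mode accepts it.

# Assumption: VISUDO may name an alternate visudo binary; default is PATH lookup.
VISUDO=${VISUDO:-visudo}

# install_sudoers_fragment CANDIDATE TARGET
# Returns 0 and replaces TARGET only when the check exits 0; otherwise
# returns 1 and leaves TARGET untouched.
install_sudoers_fragment() {
    candidate=$1
    target=$2
    # -c  check only, exit 0 on success and 1 on error
    # -q  do not print details about syntax errors
    # -s  strict: an alias used before it is defined is a parse error
    # -f  check CANDIDATE instead of the default sudoers file
    if "$VISUDO" -c -q -s -f "$candidate"; then
        # Write beside the target, then rename, so a partially written file
        # is never visible under the target name. Mode 0440 is an assumption.
        install -m 0440 "$candidate" "$target.new" &&
            mv -f "$target.new" "$target"
    else
        echo "rejected: $candidate failed visudo -c -s" >&2
        return 1
    fi
}

# Run as: script CANDIDATE TARGET
if [ "$#" -eq 2 ]; then
    install_sudoers_fragment "$1" "$2"
fi
```

In strict mode a host or user name made up solely of uppercase letters, digits and underscores is treated as an undefined alias, so such names cause the gate to reject the file.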
ENVIRONMENT
     The following environment variables may be consulted depending on the
     value of the editor and env_editor sudoers settings:

     VISUAL           Invoked by visudo as the editor to use

     EDITOR           Used by visudo if VISUAL is not set

FILES
     /etc/sudoers              List of who can run what

     /etc/sudoers.tmp          Lock file for visudo

DIAGNOSTICS
     sudoers file busy, try again later.
           Someone else is currently editing the sudoers file.

     /etc/sudoers.tmp: Permission denied
           You didn't run visudo as root.

     Can't find you in the passwd database
           Your user ID does not appear in the system passwd file.

     Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
           Either you are trying to use an undeclared
           {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed
           that consists solely of uppercase letters, digits, and the
           underscore (`_') character.  In the latter case, you can ignore the
           warnings (sudo will not complain).  In -s (strict) mode these are
           errors, not warnings.

     Warning: unused {User,Runas,Host,Cmnd}_Alias
           The specified {User,Runas,Host,Cmnd}_Alias was defined but never
           used.  You may wish to comment out or remove the unused alias.  In
           -s (strict) mode this is an error, not a warning.

     Warning: cycle in {User,Runas,Host,Cmnd}_Alias
           The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
           itself, either directly or through an alias it includes.  This is
           only a warning by default as sudo will ignore cycles when parsing
           the sudoers file.

SEE ALSO
     vi(1), sudoers(4), sudo(1m), vipw(1m)

AUTHORS
     Many people have worked on sudo over the years; this version consists of
     code written primarily by:

           Todd C. Miller

     See the CONTRIBUTORS file in the sudo distribution
     (http://www.sudo.ws/sudo/contributors.html) for an exhaustive list of
     people who have contributed to sudo.

CAVEATS
     There is no easy way to prevent a user from gaining a root shell if the
     editor used by visudo allows shell escapes.

BUGS
     If you feel you have found a bug in visudo, please submit a bug report at
     http://www.sudo.ws/sudo/bugs/

SUPPORT
     Limited free support is available via the sudo-users mailing list, see
     http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search the
     archives.

DISCLAIMER
     visudo is provided ``AS IS'' and any express or implied warranties,
     including, but not limited to, the implied warranties of merchantability
     and fitness for a particular purpose are disclaimed.  See the LICENSE
     file distributed with sudo or http://www.sudo.ws/sudo/license.html for
     complete details.

Sudo 1.8.10                    February 15, 2014                   Sudo 1.8.10
