1: .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
2: .\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in
3: .\"
4: .\" Copyright (c) 1996,1998-2005, 2007-2012
5: .\" Todd C. Miller <Todd.Miller@courtesan.com>
6: .\"
7: .\" Permission to use, copy, modify, and distribute this software for any
8: .\" purpose with or without fee is hereby granted, provided that the above
9: .\" copyright notice and this permission notice appear in all copies.
10: .\"
11: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
19: .\"
20: .\" Sponsored in part by the Defense Advanced Research Projects
21: .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
22: .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
23: .\"
24: .TH "VISUDO" "@mansectsu@" "July 12, 2012" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
25: .nh
26: .if n .ad l
27: .SH "NAME"
28: \fBvisudo\fR
29: \- edit the sudoers file
30: .SH "SYNOPSIS"
31: .HP 7n
32: \fBvisudo\fR
33: [\fB\-chqsV\fR]
34: [\fB\-f\fR\ \fIsudoers\fR]
35: .SH "DESCRIPTION"
36: \fBvisudo\fR
37: edits the
38: \fIsudoers\fR
39: file in a safe fashion, analogous to
40: vipw(@mansectsu@).
41: \fBvisudo\fR
42: locks the
43: \fIsudoers\fR
44: file against multiple simultaneous edits, provides basic sanity checks,
45: and checks for parse errors.
46: If the
47: \fIsudoers\fR
48: file is currently being edited you will receive a message to try again later.
49: .PP
50: There is a hard-coded list of one or more editors that
51: \fBvisudo\fR
52: will use set at compile-time that may be overridden via the
53: \fIeditor\fR
54: \fIsudoers\fR
55: \fRDefault\fR
56: variable.
57: This list defaults to
58: \fR@editor@\fR.
59: Normally,
60: \fBvisudo\fR
61: does not honor the
62: \fRVISUAL\fR
63: or
64: \fREDITOR\fR
65: environment variables unless they contain an editor in the aforementioned
66: editors list.
67: However, if
68: \fBvisudo\fR
69: is configured with the
70: \fR--with-env-editor\fR
71: option or the
72: \fIenv_editor\fR
73: \fRDefault\fR
74: variable is set in
75: \fIsudoers\fR,
76: \fBvisudo\fR
77: will use any the editor defines by
78: \fRVISUAL\fR
79: or
80: \fREDITOR\fR.
81: Note that this can be a security hole since it allows the user to
82: execute any program they wish simply by setting
83: \fRVISUAL\fR
84: or
85: \fREDITOR\fR.
86: .PP
87: \fBvisudo\fR
88: parses the
89: \fIsudoers\fR
90: file after the edit and will
91: not save the changes if there is a syntax error.
92: Upon finding an error,
93: \fBvisudo\fR
94: will print a message stating the line number(s)
95: where the error occurred and the user will receive the
96: ``What now?''
97: prompt.
98: At this point the user may enter
99: `e'
100: to re-edit the
101: \fIsudoers\fR
102: file,
103: `x'
104: to exit without saving the changes, or
105: `Q'
106: to quit and save changes.
107: The
108: `Q'
109: option should be used with extreme care because if
110: \fBvisudo\fR
111: believes there to be a parse error, so will
112: \fBsudo\fR
113: and no one
114: will be able to
115: \fBsudo\fR
116: again until the error is fixed.
117: If
118: `e'
119: is typed to edit the
120: \fIsudoers\fR
121: file after a parse error has been detected, the cursor will be placed on
122: the line where the error occurred (if the editor supports this feature).
123: .PP
124: The options are as follows:
125: .TP 12n
126: \fB\-c\fR
127: Enable
128: \fIcheck-only\fR
129: mode.
130: The existing
131: \fIsudoers\fR
132: file will be
133: checked for syntax errors, owner and mode.
134: A message will be printed to the standard output describing the status of
135: \fIsudoers\fR
136: unless the
137: \fB\-q\fR
138: option was specified.
139: If the check completes successfully,
140: \fBvisudo\fR
141: will exit with a value of 0.
142: If an error is encountered,
143: \fBvisudo\fR
144: will exit with a value of 1.
145: .TP 12n
146: \fB\-f\fR \fIsudoers\fR
147: .br
148: Specify and alternate
149: \fIsudoers\fR
150: file location.
151: With this option
152: \fBvisudo\fR
153: will edit (or check) the
154: \fIsudoers\fR
155: file of your choice,
156: instead of the default,
157: \fI@sysconfdir@/sudoers\fR.
158: The lock file used is the specified
159: \fIsudoers\fR
160: file with
161: ``\.tmp''
162: appended to it.
163: In
164: \fIcheck-only\fR
165: mode only, the argument to
166: \fB\-f\fR
167: may be
168: `-',
169: indicating that
170: \fIsudoers\fR
171: will be read from the standard input.
172: .TP 12n
173: \fB\-h\fR
174: The
175: \fB\-h\fR (\fIhelp\fR)
176: option causes
177: \fBvisudo\fR
178: to print a short help message
179: to the standard output and exit.
180: .TP 12n
181: \fB\-q\fR
182: Enable
183: \fIquiet\fR
184: mode.
185: In this mode details about syntax errors are not printed.
186: This option is only useful when combined with
187: the
188: \fB\-c\fR
189: option.
190: .TP 12n
191: \fB\-s\fR
192: Enable
193: \fIstrict\fR
194: checking of the
195: \fIsudoers\fR
196: file.
197: If an alias is used before it is defined,
198: \fBvisudo\fR
199: will consider this a parse error.
200: Note that it is not possible to differentiate between an
201: alias and a host name or user name that consists solely of uppercase
202: letters, digits, and the underscore
203: (`_')
204: character.
205: .TP 12n
206: \fB\-V\fR
207: The
208: \fB\-V\fR (\fIversion\fR)
209: option causes
210: \fBvisudo\fR
211: to print its version number
212: and exit.
213: .SH "ENVIRONMENT"
214: The following environment variables may be consulted depending on
215: the value of the
216: \fIeditor\fR
217: and
218: \fIenv_editor\fR
219: \fIsudoers\fR
220: settings:
221: .TP 17n
222: \fRVISUAL\fR
223: Invoked by
224: \fBvisudo\fR
225: as the editor to use
226: .TP 17n
227: \fREDITOR\fR
228: Used by
229: \fBvisudo\fR
230: if
231: \fRVISUAL\fR
232: is not set
233: .SH "FILES"
234: .TP 26n
235: \fI@sysconfdir@/sudoers\fR
236: List of who can run what
237: .TP 26n
238: \fI@sysconfdir@/sudoers.tmp\fR
239: Lock file for visudo
240: .SH "DIAGNOSTICS"
241: .TP 6n
242: \fRsudoers file busy, try again later.\fR
243: Someone else is currently editing the
244: \fIsudoers\fR
245: file.
246: .TP 6n
247: \fR@sysconfdir@/sudoers.tmp: Permission denied\fR
248: You didn't run
249: \fBvisudo\fR
250: as root.
251: .TP 6n
252: \fRCan't find you in the passwd database\fR
253: Your user ID does not appear in the system passwd file.
254: .TP 6n
255: \fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR
256: Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
257: or you have a user or host name listed that consists solely of
258: uppercase letters, digits, and the underscore
259: (`_')
260: character.
261: In the latter case, you can ignore the warnings
262: (\fBsudo\fR
263: will not complain)
264: \&.
265: In
266: \fB\-s\fR
267: (strict) mode these are errors, not warnings.
268: .TP 6n
269: \fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR
270: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
271: used.
272: You may wish to comment out or remove the unused alias.
273: In
274: \fB\-s\fR
275: (strict) mode this is an error, not a warning.
276: .TP 6n
277: \fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR
278: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
279: itself, either directly or through an alias it includes.
280: This is only a warning by default as
281: \fBsudo\fR
282: will ignore cycles when parsing
283: the
284: \fIsudoers\fR
285: file.
286: .SH "SEE ALSO"
287: vi(1),
288: sudoers(@mansectform@),
289: sudo(@mansectsu@),
290: vipw(@mansectsu@)
291: .SH "AUTHORS"
292: Many people have worked on
293: \fBsudo\fR
294: over the years; this version consists of code written primarily by:
295: .sp
296: .RS 6n
297: Todd C. Miller
298: .RE
299: .PP
300: See the CONTRIBUTORS file in the
301: \fBsudo\fR
302: distribution (http://www.sudo.ws/sudo/contributors.html) for an
303: exhaustive list of people who have contributed to
304: \fBsudo\fR.
305: .SH "CAVEATS"
306: There is no easy way to prevent a user from gaining a root shell if
307: the editor used by
308: \fBvisudo\fR
309: allows shell escapes.
310: .SH "BUGS"
311: If you feel you have found a bug in
312: \fBvisudo\fR,
313: please submit a bug report at http://www.sudo.ws/sudo/bugs/
314: .SH "SUPPORT"
315: Limited free support is available via the sudo-users mailing list,
316: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
317: search the archives.
318: .SH "DISCLAIMER"
319: \fBvisudo\fR
320: is provided
321: ``AS IS''
322: and any express or implied warranties, including, but not limited
323: to, the implied warranties of merchantability and fitness for a
324: particular purpose are disclaimed.
325: See the LICENSE file distributed with
326: \fBsudo\fR
327: or http://www.sudo.ws/sudo/license.html for complete details.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to visudo.man.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc