1: .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
2: .\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in
3: .\"
4: .\" Copyright (c) 1996,1998-2005, 2007-2014
5: .\" Todd C. Miller <Todd.Miller@courtesan.com>
6: .\"
7: .\" Permission to use, copy, modify, and distribute this software for any
8: .\" purpose with or without fee is hereby granted, provided that the above
9: .\" copyright notice and this permission notice appear in all copies.
10: .\"
11: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
19: .\"
20: .\" Sponsored in part by the Defense Advanced Research Projects
21: .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
22: .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
23: .\"
24: .TH "VISUDO" "@mansectsu@" "February 15, 2014" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
25: .nh
26: .if n .ad l
27: .SH "NAME"
28: \fBvisudo\fR
29: \- edit the sudoers file
30: .SH "SYNOPSIS"
31: .HP 7n
32: \fBvisudo\fR
33: [\fB\-chqsV\fR]
34: [\fB\-f\fR\ \fIsudoers\fR]
35: [\fB\-x\fR\ \fIfile\fR]
36: .SH "DESCRIPTION"
37: \fBvisudo\fR
38: edits the
39: \fIsudoers\fR
40: file in a safe fashion, analogous to
41: vipw(@mansectsu@).
42: \fBvisudo\fR
43: locks the
44: \fIsudoers\fR
45: file against multiple simultaneous edits, provides basic sanity checks,
46: and checks for parse errors.
47: If the
48: \fIsudoers\fR
49: file is currently being edited you will receive a message to try again later.
50: .PP
51: There is a hard-coded list of one or more editors that
52: \fBvisudo\fR
53: will use set at compile-time that may be overridden via the
54: \fIeditor\fR
55: \fIsudoers\fR
56: \fRDefault\fR
57: variable.
58: This list defaults to
59: \fR@editor@\fR.
60: Normally,
61: \fBvisudo\fR
62: does not honor the
63: \fRVISUAL\fR
64: or
65: \fREDITOR\fR
66: environment variables unless they contain an editor in the aforementioned
67: editors list.
68: However, if
69: \fBvisudo\fR
70: is configured with the
71: \fR--with-env-editor\fR
72: option or the
73: \fIenv_editor\fR
74: \fRDefault\fR
75: variable is set in
76: \fIsudoers\fR,
77: \fBvisudo\fR
78: will use any the editor defines by
79: \fRVISUAL\fR
80: or
81: \fREDITOR\fR.
82: Note that this can be a security hole since it allows the user to
83: execute any program they wish simply by setting
84: \fRVISUAL\fR
85: or
86: \fREDITOR\fR.
87: .PP
88: \fBvisudo\fR
89: parses the
90: \fIsudoers\fR
91: file after the edit and will
92: not save the changes if there is a syntax error.
93: Upon finding an error,
94: \fBvisudo\fR
95: will print a message stating the line number(s)
96: where the error occurred and the user will receive the
97: \(lqWhat now?\(rq
98: prompt.
99: At this point the user may enter
100: \(oqe\(cq
101: to re-edit the
102: \fIsudoers\fR
103: file,
104: \(oqx\(cq
105: to exit without saving the changes, or
106: \(oqQ\(cq
107: to quit and save changes.
108: The
109: \(oqQ\(cq
110: option should be used with extreme care because if
111: \fBvisudo\fR
112: believes there to be a parse error, so will
113: \fBsudo\fR
114: and no one
115: will be able to
116: \fBsudo\fR
117: again until the error is fixed.
118: If
119: \(oqe\(cq
120: is typed to edit the
121: \fIsudoers\fR
122: file after a parse error has been detected, the cursor will be placed on
123: the line where the error occurred (if the editor supports this feature).
124: .PP
125: The options are as follows:
126: .TP 12n
127: \fB\-c\fR, \fB\--check\fR
128: Enable
129: \fIcheck-only\fR
130: mode.
131: The existing
132: \fIsudoers\fR
133: file will be
134: checked for syntax errors, owner and mode.
135: A message will be printed to the standard output describing the status of
136: \fIsudoers\fR
137: unless the
138: \fB\-q\fR
139: option was specified.
140: If the check completes successfully,
141: \fBvisudo\fR
142: will exit with a value of 0.
143: If an error is encountered,
144: \fBvisudo\fR
145: will exit with a value of 1.
146: .TP 12n
147: \fB\-f\fR \fIsudoers\fR, \fB\--file\fR=\fIsudoers\fR
148: Specify an alternate
149: \fIsudoers\fR
150: file location.
151: With this option,
152: \fBvisudo\fR
153: will edit (or check) the
154: \fIsudoers\fR
155: file of your choice,
156: instead of the default,
157: \fI@sysconfdir@/sudoers\fR.
158: The lock file used is the specified
159: \fIsudoers\fR
160: file with
161: \(lq\.tmp\(rq
162: appended to it.
163: In
164: \fIcheck-only\fR
165: mode only, the argument to
166: \fB\-f\fR
167: may be
168: \(oq-\(cq,
169: indicating that
170: \fIsudoers\fR
171: will be read from the standard input.
172: .TP 12n
173: \fB\-h\fR, \fB\--help\fR
174: Display a short help message to the standard output and exit.
175: .TP 12n
176: \fB\-q\fR, \fB\--quiet\fR
177: Enable
178: \fIquiet\fR
179: mode.
180: In this mode details about syntax errors are not printed.
181: This option is only useful when combined with
182: the
183: \fB\-c\fR
184: option.
185: .TP 12n
186: \fB\-s\fR, \fB\--strict\fR
187: Enable
188: \fIstrict\fR
189: checking of the
190: \fIsudoers\fR
191: file.
192: If an alias is used before it is defined,
193: \fBvisudo\fR
194: will consider this a parse error.
195: Note that it is not possible to differentiate between an
196: alias and a host name or user name that consists solely of uppercase
197: letters, digits, and the underscore
198: (\(oq_\(cq)
199: character.
200: .TP 12n
201: \fB\-V\fR, \fB\--version\fR
202: Print the
203: \fBvisudo\fR
204: and
205: \fIsudoers\fR
206: grammar versions and exit.
207: .TP 12n
208: \fB\-x\fR \fIfile\fR, \fB\--export\fR=\fIfile\fR
209: Export
210: \fIsudoers\fR
211: in JSON format and write it to
212: \fIfile\fR.
213: If
214: \fIfile\fR
215: is
216: \(oq-\(cq,
217: the exported
218: \fIsudoers\fR
219: policy will be written to the standard output.
220: The exported format is intended to be easier for third-party
221: applications to parse than the traditional
222: \fIsudoers\fR
223: format.
224: The various values have explicit types which removes much of the
225: ambiguity of the
226: \fIsudoers\fR
227: format.
228: .SH "ENVIRONMENT"
229: The following environment variables may be consulted depending on
230: the value of the
231: \fIeditor\fR
232: and
233: \fIenv_editor\fR
234: \fIsudoers\fR
235: settings:
236: .TP 17n
237: \fRVISUAL\fR
238: Invoked by
239: \fBvisudo\fR
240: as the editor to use
241: .TP 17n
242: \fREDITOR\fR
243: Used by
244: \fBvisudo\fR
245: if
246: \fRVISUAL\fR
247: is not set
248: .SH "FILES"
249: .TP 26n
250: \fI@sysconfdir@/sudoers\fR
251: List of who can run what
252: .TP 26n
253: \fI@sysconfdir@/sudoers.tmp\fR
254: Lock file for visudo
255: .SH "DIAGNOSTICS"
256: .TP 6n
257: \fRsudoers file busy, try again later.\fR
258: Someone else is currently editing the
259: \fIsudoers\fR
260: file.
261: .TP 6n
262: \fR@sysconfdir@/sudoers.tmp: Permission denied\fR
263: You didn't run
264: \fBvisudo\fR
265: as root.
266: .TP 6n
267: \fRCan't find you in the passwd database\fR
268: Your user ID does not appear in the system passwd file.
269: .TP 6n
270: \fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR
271: Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
272: or you have a user or host name listed that consists solely of
273: uppercase letters, digits, and the underscore
274: (\(oq_\(cq)
275: character.
276: In the latter case, you can ignore the warnings
277: (\fBsudo\fR
278: will not complain)
279: \&.
280: In
281: \fB\-s\fR
282: (strict) mode these are errors, not warnings.
283: .TP 6n
284: \fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR
285: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
286: used.
287: You may wish to comment out or remove the unused alias.
288: In
289: \fB\-s\fR
290: (strict) mode this is an error, not a warning.
291: .TP 6n
292: \fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR
293: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
294: itself, either directly or through an alias it includes.
295: This is only a warning by default as
296: \fBsudo\fR
297: will ignore cycles when parsing
298: the
299: \fIsudoers\fR
300: file.
301: .SH "SEE ALSO"
302: vi(1),
303: sudoers(@mansectform@),
304: sudo(@mansectsu@),
305: vipw(@mansectsu@)
306: .SH "AUTHORS"
307: Many people have worked on
308: \fBsudo\fR
309: over the years; this version consists of code written primarily by:
310: .sp
311: .RS 6n
312: Todd C. Miller
313: .RE
314: .PP
315: See the CONTRIBUTORS file in the
316: \fBsudo\fR
317: distribution (http://www.sudo.ws/sudo/contributors.html) for an
318: exhaustive list of people who have contributed to
319: \fBsudo\fR.
320: .SH "CAVEATS"
321: There is no easy way to prevent a user from gaining a root shell if
322: the editor used by
323: \fBvisudo\fR
324: allows shell escapes.
325: .SH "BUGS"
326: If you feel you have found a bug in
327: \fBvisudo\fR,
328: please submit a bug report at http://www.sudo.ws/sudo/bugs/
329: .SH "SUPPORT"
330: Limited free support is available via the sudo-users mailing list,
331: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
332: search the archives.
333: .SH "DISCLAIMER"
334: \fBvisudo\fR
335: is provided
336: \(lqAS IS\(rq
337: and any express or implied warranties, including, but not limited
338: to, the implied warranties of merchantability and fitness for a
339: particular purpose are disclaimed.
340: See the LICENSE file distributed with
341: \fBsudo\fR
342: or http://www.sudo.ws/sudo/license.html for complete details.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>