Annotation of embedaddon/sudo/doc/visudo.mdoc.in, revision 1.1
1.1 ! misho 1: .\"
! 2: .\" Copyright (c) 1996,1998-2005, 2007-2012
! 3: .\" Todd C. Miller <Todd.Miller@courtesan.com>
! 4: .\"
! 5: .\" Permission to use, copy, modify, and distribute this software for any
! 6: .\" purpose with or without fee is hereby granted, provided that the above
! 7: .\" copyright notice and this permission notice appear in all copies.
! 8: .\"
! 9: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 17: .\"
! 18: .\" Sponsored in part by the Defense Advanced Research Projects
! 19: .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
! 20: .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 21: .\"
! 22: .Dd July 12, 2012
! 23: .Dt VISUDO @mansectsu@
! 24: .Os Sudo @PACKAGE_VERSION@
! 25: .Sh NAME
! 26: .Nm visudo
! 27: .Nd edit the sudoers file
! 28: .Sh SYNOPSIS
! 29: .Nm visudo
! 30: .Op Fl chqsV
! 31: .Bk -words
! 32: .Op Fl f Ar sudoers
! 33: .Ek
! 34: .Sh DESCRIPTION
! 35: .Nm visudo
! 36: edits the
! 37: .Em sudoers
! 38: file in a safe fashion, analogous to
! 39: .Xr vipw @mansectsu@ .
! 40: .Nm visudo
! 41: locks the
! 42: .Em sudoers
! 43: file against multiple simultaneous edits, provides basic sanity checks,
! 44: and checks for parse errors.
! 45: If the
! 46: .Em sudoers
! 47: file is currently being edited you will receive a message to try again later.
! 48: .Pp
! 49: There is a hard-coded list of one or more editors that
! 50: .Nm visudo
! 51: will use set at compile-time that may be overridden via the
! 52: .Em editor
! 53: .Em sudoers
! 54: .Li Default
! 55: variable.
! 56: This list defaults to
! 57: .Li "@editor@" .
! 58: Normally,
! 59: .Nm visudo
! 60: does not honor the
! 61: .Ev VISUAL
! 62: or
! 63: .Ev EDITOR
! 64: environment variables unless they contain an editor in the aforementioned
! 65: editors list.
! 66: However, if
! 67: .Nm visudo
! 68: is configured with the
! 69: .Li --with-env-editor
! 70: option or the
! 71: .Em env_editor
! 72: .Li Default
! 73: variable is set in
! 74: .Em sudoers ,
! 75: .Nm visudo
! 76: will use any the editor defines by
! 77: .Ev VISUAL
! 78: or
! 79: .Ev EDITOR .
! 80: Note that this can be a security hole since it allows the user to
! 81: execute any program they wish simply by setting
! 82: .Ev VISUAL
! 83: or
! 84: .Ev EDITOR .
! 85: .Pp
! 86: .Nm visudo
! 87: parses the
! 88: .Em sudoers
! 89: file after the edit and will
! 90: not save the changes if there is a syntax error.
! 91: Upon finding an error,
! 92: .Nm visudo
! 93: will print a message stating the line number(s)
! 94: where the error occurred and the user will receive the
! 95: .Dq What now?
! 96: prompt.
! 97: At this point the user may enter
! 98: .Ql e
! 99: to re-edit the
! 100: .Em sudoers
! 101: file,
! 102: .Ql x
! 103: to exit without saving the changes, or
! 104: .Ql Q
! 105: to quit and save changes.
! 106: The
! 107: .Ql Q
! 108: option should be used with extreme care because if
! 109: .Nm visudo
! 110: believes there to be a parse error, so will
! 111: .Nm sudo
! 112: and no one
! 113: will be able to
! 114: .Nm sudo
! 115: again until the error is fixed.
! 116: If
! 117: .Ql e
! 118: is typed to edit the
! 119: .Em sudoers
! 120: file after a parse error has been detected, the cursor will be placed on
! 121: the line where the error occurred (if the editor supports this feature).
! 122: .Pp
! 123: The options are as follows:
! 124: .Bl -tag -width Fl
! 125: .It Fl c
! 126: Enable
! 127: .Em check-only
! 128: mode.
! 129: The existing
! 130: .Em sudoers
! 131: file will be
! 132: checked for syntax errors, owner and mode.
! 133: A message will be printed to the standard output describing the status of
! 134: .Em sudoers
! 135: unless the
! 136: .Fl q
! 137: option was specified.
! 138: If the check completes successfully,
! 139: .Nm visudo
! 140: will exit with a value of 0.
! 141: If an error is encountered,
! 142: .Nm visudo
! 143: will exit with a value of 1.
! 144: .It Fl f Ar sudoers
! 145: Specify and alternate
! 146: .Em sudoers
! 147: file location.
! 148: With this option
! 149: .Nm visudo
! 150: will edit (or check) the
! 151: .Em sudoers
! 152: file of your choice,
! 153: instead of the default,
! 154: .Pa @sysconfdir@/sudoers .
! 155: The lock file used is the specified
! 156: .Em sudoers
! 157: file with
! 158: .Dq \.tmp
! 159: appended to it.
! 160: In
! 161: .Em check-only
! 162: mode only, the argument to
! 163: .Fl f
! 164: may be
! 165: .Ql - ,
! 166: indicating that
! 167: .Em sudoers
! 168: will be read from the standard input.
! 169: .It Fl h
! 170: The
! 171: .Fl h No ( Em help Ns No )
! 172: option causes
! 173: .Nm visudo
! 174: to print a short help message
! 175: to the standard output and exit.
! 176: .It Fl q
! 177: Enable
! 178: .Em quiet
! 179: mode.
! 180: In this mode details about syntax errors are not printed.
! 181: This option is only useful when combined with
! 182: the
! 183: .Fl c
! 184: option.
! 185: .It Fl s
! 186: Enable
! 187: .Em strict
! 188: checking of the
! 189: .Em sudoers
! 190: file.
! 191: If an alias is used before it is defined,
! 192: .Nm visudo
! 193: will consider this a parse error.
! 194: Note that it is not possible to differentiate between an
! 195: alias and a host name or user name that consists solely of uppercase
! 196: letters, digits, and the underscore
! 197: .Pq Ql _
! 198: character.
! 199: .It Fl V
! 200: The
! 201: .Fl V ( Em version Ns No )
! 202: option causes
! 203: .Nm visudo
! 204: to print its version number
! 205: and exit.
! 206: .El
! 207: .Sh ENVIRONMENT
! 208: The following environment variables may be consulted depending on
! 209: the value of the
! 210: .Em editor
! 211: and
! 212: .Em env_editor
! 213: .Em sudoers
! 214: settings:
! 215: .Bl -tag -width 15n
! 216: .It Ev VISUAL
! 217: Invoked by
! 218: .Nm visudo
! 219: as the editor to use
! 220: .It Ev EDITOR
! 221: Used by
! 222: .Nm visudo
! 223: if
! 224: .Ev VISUAL
! 225: is not set
! 226: .El
! 227: .Sh FILES
! 228: .Bl -tag -width 24n
! 229: .It Pa @sysconfdir@/sudoers
! 230: List of who can run what
! 231: .It Pa @sysconfdir@/sudoers.tmp
! 232: Lock file for visudo
! 233: .El
! 234: .Sh DIAGNOSTICS
! 235: .Bl -tag -width 4n
! 236: .It Li sudoers file busy, try again later.
! 237: Someone else is currently editing the
! 238: .Em sudoers
! 239: file.
! 240: .It Li @sysconfdir@/sudoers.tmp: Permission denied
! 241: You didn't run
! 242: .Nm visudo
! 243: as root.
! 244: .It Li Can't find you in the passwd database
! 245: Your user ID does not appear in the system passwd file.
! 246: .It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
! 247: Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
! 248: or you have a user or host name listed that consists solely of
! 249: uppercase letters, digits, and the underscore
! 250: .Pq Ql _
! 251: character.
! 252: In the latter case, you can ignore the warnings
! 253: .Po
! 254: .Nm sudo
! 255: will not complain
! 256: .Pc .
! 257: In
! 258: .Fl s
! 259: (strict) mode these are errors, not warnings.
! 260: .It Li Warning: unused {User,Runas,Host,Cmnd}_Alias
! 261: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
! 262: used.
! 263: You may wish to comment out or remove the unused alias.
! 264: In
! 265: .Fl s
! 266: (strict) mode this is an error, not a warning.
! 267: .It Li Warning: cycle in {User,Runas,Host,Cmnd}_Alias
! 268: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
! 269: itself, either directly or through an alias it includes.
! 270: This is only a warning by default as
! 271: .Nm sudo
! 272: will ignore cycles when parsing
! 273: the
! 274: .Em sudoers
! 275: file.
! 276: .El
! 277: .Sh SEE ALSO
! 278: .Xr vi 1 ,
! 279: .Xr sudoers @mansectform@ ,
! 280: .Xr sudo @mansectsu@ ,
! 281: .Xr vipw @mansectsu@
! 282: .Sh AUTHORS
! 283: Many people have worked on
! 284: .Nm sudo
! 285: over the years; this version consists of code written primarily by:
! 286: .Bd -ragged -offset indent
! 287: Todd C. Miller
! 288: .Ed
! 289: .Pp
! 290: See the CONTRIBUTORS file in the
! 291: .Nm sudo
! 292: distribution (http://www.sudo.ws/sudo/contributors.html) for an
! 293: exhaustive list of people who have contributed to
! 294: .Nm sudo .
! 295: .Sh CAVEATS
! 296: There is no easy way to prevent a user from gaining a root shell if
! 297: the editor used by
! 298: .Nm visudo
! 299: allows shell escapes.
! 300: .Sh BUGS
! 301: If you feel you have found a bug in
! 302: .Nm visudo ,
! 303: please submit a bug report at http://www.sudo.ws/sudo/bugs/
! 304: .Sh SUPPORT
! 305: Limited free support is available via the sudo-users mailing list,
! 306: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
! 307: search the archives.
! 308: .Sh DISCLAIMER
! 309: .Nm visudo
! 310: is provided
! 311: .Dq AS IS
! 312: and any express or implied warranties, including, but not limited
! 313: to, the implied warranties of merchantability and fitness for a
! 314: particular purpose are disclaimed.
! 315: See the LICENSE file distributed with
! 316: .Nm sudo
! 317: or http://www.sudo.ws/sudo/license.html for complete details.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to visudo.mdoc.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc