Annotation of embedaddon/sudo/doc/visudo.mdoc.in, revision 1.1.1.3
1.1 misho 1: .\"
1.1.1.3 ! misho 2: .\" Copyright (c) 1996,1998-2005, 2007-2013
1.1 misho 3: .\" Todd C. Miller <Todd.Miller@courtesan.com>
4: .\"
5: .\" Permission to use, copy, modify, and distribute this software for any
6: .\" purpose with or without fee is hereby granted, provided that the above
7: .\" copyright notice and this permission notice appear in all copies.
8: .\"
9: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
17: .\"
18: .\" Sponsored in part by the Defense Advanced Research Projects
19: .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
20: .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
21: .\"
1.1.1.3 ! misho 22: .Dd August 14, 2013
1.1 misho 23: .Dt VISUDO @mansectsu@
24: .Os Sudo @PACKAGE_VERSION@
25: .Sh NAME
26: .Nm visudo
27: .Nd edit the sudoers file
28: .Sh SYNOPSIS
29: .Nm visudo
30: .Op Fl chqsV
31: .Bk -words
32: .Op Fl f Ar sudoers
33: .Ek
34: .Sh DESCRIPTION
35: .Nm visudo
36: edits the
37: .Em sudoers
38: file in a safe fashion, analogous to
39: .Xr vipw @mansectsu@ .
40: .Nm visudo
41: locks the
42: .Em sudoers
43: file against multiple simultaneous edits, provides basic sanity checks,
44: and checks for parse errors.
45: If the
46: .Em sudoers
47: file is currently being edited you will receive a message to try again later.
48: .Pp
49: There is a hard-coded list of one or more editors that
50: .Nm visudo
51: will use set at compile-time that may be overridden via the
52: .Em editor
53: .Em sudoers
54: .Li Default
55: variable.
56: This list defaults to
57: .Li "@editor@" .
58: Normally,
59: .Nm visudo
60: does not honor the
61: .Ev VISUAL
62: or
63: .Ev EDITOR
64: environment variables unless they contain an editor in the aforementioned
65: editors list.
66: However, if
67: .Nm visudo
68: is configured with the
69: .Li --with-env-editor
70: option or the
71: .Em env_editor
72: .Li Default
73: variable is set in
74: .Em sudoers ,
75: .Nm visudo
76: will use any the editor defines by
77: .Ev VISUAL
78: or
79: .Ev EDITOR .
80: Note that this can be a security hole since it allows the user to
81: execute any program they wish simply by setting
82: .Ev VISUAL
83: or
84: .Ev EDITOR .
85: .Pp
86: .Nm visudo
87: parses the
88: .Em sudoers
89: file after the edit and will
90: not save the changes if there is a syntax error.
91: Upon finding an error,
92: .Nm visudo
93: will print a message stating the line number(s)
94: where the error occurred and the user will receive the
95: .Dq What now?
96: prompt.
97: At this point the user may enter
98: .Ql e
99: to re-edit the
100: .Em sudoers
101: file,
102: .Ql x
103: to exit without saving the changes, or
104: .Ql Q
105: to quit and save changes.
106: The
107: .Ql Q
108: option should be used with extreme care because if
109: .Nm visudo
110: believes there to be a parse error, so will
111: .Nm sudo
112: and no one
113: will be able to
114: .Nm sudo
115: again until the error is fixed.
116: If
117: .Ql e
118: is typed to edit the
119: .Em sudoers
120: file after a parse error has been detected, the cursor will be placed on
121: the line where the error occurred (if the editor supports this feature).
122: .Pp
123: The options are as follows:
124: .Bl -tag -width Fl
1.1.1.3 ! misho 125: .It Fl c , -check
1.1 misho 126: Enable
127: .Em check-only
128: mode.
129: The existing
130: .Em sudoers
131: file will be
132: checked for syntax errors, owner and mode.
133: A message will be printed to the standard output describing the status of
134: .Em sudoers
135: unless the
136: .Fl q
137: option was specified.
138: If the check completes successfully,
139: .Nm visudo
140: will exit with a value of 0.
141: If an error is encountered,
142: .Nm visudo
143: will exit with a value of 1.
1.1.1.3 ! misho 144: .It Fl f Ar sudoers , Fl -file Ns No = Ns Ar sudoers
1.1.1.2 misho 145: Specify an alternate
1.1 misho 146: .Em sudoers
147: file location.
1.1.1.3 ! misho 148: With this option,
1.1 misho 149: .Nm visudo
150: will edit (or check) the
151: .Em sudoers
152: file of your choice,
153: instead of the default,
154: .Pa @sysconfdir@/sudoers .
155: The lock file used is the specified
156: .Em sudoers
157: file with
158: .Dq \.tmp
159: appended to it.
160: In
161: .Em check-only
162: mode only, the argument to
163: .Fl f
164: may be
165: .Ql - ,
166: indicating that
167: .Em sudoers
168: will be read from the standard input.
1.1.1.3 ! misho 169: .It Fl h , -help
! 170: Display a short help message to the standard output and exit.
! 171: .It Fl q , -quiet
1.1 misho 172: Enable
173: .Em quiet
174: mode.
175: In this mode details about syntax errors are not printed.
176: This option is only useful when combined with
177: the
178: .Fl c
179: option.
1.1.1.3 ! misho 180: .It Fl s , -strict
1.1 misho 181: Enable
182: .Em strict
183: checking of the
184: .Em sudoers
185: file.
186: If an alias is used before it is defined,
187: .Nm visudo
188: will consider this a parse error.
189: Note that it is not possible to differentiate between an
190: alias and a host name or user name that consists solely of uppercase
191: letters, digits, and the underscore
192: .Pq Ql _
193: character.
1.1.1.3 ! misho 194: .It Fl V , -version
! 195: Print the
1.1 misho 196: .Nm visudo
1.1.1.3 ! misho 197: and
! 198: .Em sudoers
! 199: grammar versions and exit.
1.1 misho 200: .El
201: .Sh ENVIRONMENT
202: The following environment variables may be consulted depending on
203: the value of the
204: .Em editor
205: and
206: .Em env_editor
207: .Em sudoers
208: settings:
209: .Bl -tag -width 15n
210: .It Ev VISUAL
211: Invoked by
212: .Nm visudo
213: as the editor to use
214: .It Ev EDITOR
215: Used by
216: .Nm visudo
217: if
218: .Ev VISUAL
219: is not set
220: .El
221: .Sh FILES
222: .Bl -tag -width 24n
223: .It Pa @sysconfdir@/sudoers
224: List of who can run what
225: .It Pa @sysconfdir@/sudoers.tmp
226: Lock file for visudo
227: .El
228: .Sh DIAGNOSTICS
229: .Bl -tag -width 4n
230: .It Li sudoers file busy, try again later.
231: Someone else is currently editing the
232: .Em sudoers
233: file.
234: .It Li @sysconfdir@/sudoers.tmp: Permission denied
235: You didn't run
236: .Nm visudo
237: as root.
238: .It Li Can't find you in the passwd database
239: Your user ID does not appear in the system passwd file.
240: .It Li Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
241: Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
242: or you have a user or host name listed that consists solely of
243: uppercase letters, digits, and the underscore
244: .Pq Ql _
245: character.
246: In the latter case, you can ignore the warnings
247: .Po
248: .Nm sudo
249: will not complain
250: .Pc .
251: In
252: .Fl s
253: (strict) mode these are errors, not warnings.
254: .It Li Warning: unused {User,Runas,Host,Cmnd}_Alias
255: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
256: used.
257: You may wish to comment out or remove the unused alias.
258: In
259: .Fl s
260: (strict) mode this is an error, not a warning.
261: .It Li Warning: cycle in {User,Runas,Host,Cmnd}_Alias
262: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
263: itself, either directly or through an alias it includes.
264: This is only a warning by default as
265: .Nm sudo
266: will ignore cycles when parsing
267: the
268: .Em sudoers
269: file.
270: .El
271: .Sh SEE ALSO
272: .Xr vi 1 ,
273: .Xr sudoers @mansectform@ ,
274: .Xr sudo @mansectsu@ ,
275: .Xr vipw @mansectsu@
276: .Sh AUTHORS
277: Many people have worked on
278: .Nm sudo
279: over the years; this version consists of code written primarily by:
280: .Bd -ragged -offset indent
281: Todd C. Miller
282: .Ed
283: .Pp
284: See the CONTRIBUTORS file in the
285: .Nm sudo
286: distribution (http://www.sudo.ws/sudo/contributors.html) for an
287: exhaustive list of people who have contributed to
288: .Nm sudo .
289: .Sh CAVEATS
290: There is no easy way to prevent a user from gaining a root shell if
291: the editor used by
292: .Nm visudo
293: allows shell escapes.
294: .Sh BUGS
295: If you feel you have found a bug in
296: .Nm visudo ,
297: please submit a bug report at http://www.sudo.ws/sudo/bugs/
298: .Sh SUPPORT
299: Limited free support is available via the sudo-users mailing list,
300: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
301: search the archives.
302: .Sh DISCLAIMER
303: .Nm visudo
304: is provided
305: .Dq AS IS
306: and any express or implied warranties, including, but not limited
307: to, the implied warranties of merchantability and fitness for a
308: particular purpose are disclaimed.
309: See the LICENSE file distributed with
310: .Nm sudo
311: or http://www.sudo.ws/sudo/license.html for complete details.
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>