Annotation of embedaddon/sudo/doc/visudo.pod, revision 1.1
1.1 ! misho 1: Copyright (c) 1996,1998-2005, 2007-2011
! 2: Todd C. Miller <Todd.Miller@courtesan.com>
! 3:
! 4: Permission to use, copy, modify, and distribute this software for any
! 5: purpose with or without fee is hereby granted, provided that the above
! 6: copyright notice and this permission notice appear in all copies.
! 7:
! 8: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 9: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 10: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 11: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 12: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 13: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 14: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 15: ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
! 16:
! 17: Sponsored in part by the Defense Advanced Research Projects
! 18: Agency (DARPA) and Air Force Research Laboratory, Air Force
! 19: Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 20:
! 21: =pod
! 22:
! 23: =head1 NAME
! 24:
! 25: visudo - edit the sudoers file
! 26:
! 27: =head1 SYNOPSIS
! 28:
! 29: B<visudo> [B<-chqsV>] [B<-f> I<sudoers>]
! 30:
! 31: =head1 DESCRIPTION
! 32:
! 33: B<visudo> edits the I<sudoers> file in a safe fashion, analogous to
! 34: L<vipw(8)>. B<visudo> locks the I<sudoers> file against multiple
! 35: simultaneous edits, provides basic sanity checks, and checks
! 36: for parse errors. If the I<sudoers> file is currently being
! 37: edited you will receive a message to try again later.
! 38:
! 39: There is a hard-coded list of one or more editors, set at compile-time,
! 40: that B<visudo> will use; it may be overridden via the I<editor> I<sudoers>
! 41: C<Default> variable. This list defaults to C<"@editor@">. Normally,
! 42: B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment
! 43: variables unless they contain an editor in the aforementioned editors
! 44: list. However, if B<visudo> is configured with the I<--with-env-editor>
! 45: option or the I<env_editor> C<Default> variable is set in I<sudoers>,
! 46: B<visudo> will use any editor defined by C<VISUAL> or C<EDITOR>.
! 47: Note that this can be a security hole since it allows the user to
! 48: execute any program they wish simply by setting C<VISUAL> or C<EDITOR>.
! 49:
! 50: B<visudo> parses the I<sudoers> file after the edit and will
! 51: not save the changes if there is a syntax error. Upon finding
! 52: an error, B<visudo> will print a message stating the line number(s)
! 53: where the error occurred and the user will receive the
! 54: "What now?" prompt. At this point the user may enter "e"
! 55: to re-edit the I<sudoers> file, "x" to exit without
! 56: saving the changes, or "Q" to quit and save changes. The
! 57: "Q" option should be used with extreme care because if B<visudo>
! 58: believes there to be a parse error, so will B<sudo> and no one
! 59: will be able to B<sudo> again until the error is fixed.
! 60: If "e" is typed to edit the I<sudoers> file after a parse error
! 61: has been detected, the cursor will be placed on the line where the
! 62: error occurred (if the editor supports this feature).
! 63:
! 64: =head1 OPTIONS
! 65:
! 66: B<visudo> accepts the following command line options:
! 67:
! 68: =over 12
! 69:
! 70: =item -c
! 71:
! 72: Enable B<check-only> mode. The existing I<sudoers> file will be
! 73: checked for syntax and a message will be printed to the
! 74: standard output detailing the status of I<sudoers>.
! 75: If the syntax check completes successfully, B<visudo> will
! 76: exit with a value of 0. If a syntax error is encountered,
! 77: B<visudo> will exit with a value of 1.
! 78:
! 79: =item -f I<sudoers>
! 80:
! 81: Specify an alternate I<sudoers> file location. With this option
! 82: B<visudo> will edit (or check) the I<sudoers> file of your choice,
! 83: instead of the default, F<@sysconfdir@/sudoers>. The lock file used
! 84: is the specified I<sudoers> file with ".tmp" appended to it.
! 85: In B<check-only> mode only, the argument to B<-f> may be "-",
! 86: indicating that I<sudoers> will be read from the standard input.
! 87:
! 88: =item -h
! 89:
! 90: The B<-h> (I<help>) option causes B<visudo> to print a short help message
! 91: to the standard output and exit.
! 92:
! 93: =item -q
! 94:
! 95: Enable B<quiet> mode. In this mode details about syntax errors
! 96: are not printed. This option is only useful when combined with
! 97: the B<-c> option.
! 98:
! 99: =item -s
! 100:
! 101: Enable B<strict> checking of the I<sudoers> file. If an alias is
! 102: used before it is defined, B<visudo> will consider this a parse
! 103: error. Note that it is not possible to differentiate between an
! 104: alias and a host name or user name that consists solely of uppercase
! 105: letters, digits, and the underscore ('_') character.
! 106:
! 107: =item -V
! 108:
! 109: The B<-V> (version) option causes B<visudo> to print its version number
! 110: and exit.
! 111:
! 112: =back
! 113:
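The B<-c>, B<-q>, B<-s> and B<-f> options described above can gate an automated sudoers change on the exit status of check-only mode. The following is an added example, not part of the sudo distribution; the function names, return codes, the C<VISUDO> override variable and the policy of rejecting files that enable I<env_editor> are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: install a sudoers file only if visudo's check-only mode accepts it.
# VISUDO is a hypothetical override so the check command can be replaced in tests.
VISUDO=${VISUDO:-visudo}

# check_sudoers FILE
# Returns 0 if visudo accepts FILE, non-zero otherwise.
#   -c  check-only mode (exit 0 on success, 1 on syntax error)
#   -q  quiet: do not print details about syntax errors
#   -s  strict: an alias used before it is defined is a parse error
#   -f  check FILE instead of the default sudoers file
check_sudoers() {
    "$VISUDO" -cqs -f "$1" >/dev/null 2>&1
}

# enables_env_editor FILE
# Returns 0 if a Defaults line switches env_editor on ("!env_editor" does not match).
# With env_editor set, visudo runs whatever VISUAL or EDITOR names.
enables_env_editor() {
    grep -Eq '^[[:space:]]*Defaults[^#]*[[:space:],]env_editor([[:space:],]|$)' "$1"
}

# install_sudoers CANDIDATE DEST
# Returns: 0 installed, 1 syntax error, 2 rejected by policy, 3 install failed.
install_sudoers() {
    candidate=$1
    dest=$2
    check_sudoers "$candidate" || return 1
    enables_env_editor "$candidate" && return 2
    tmp="$dest.new.$$"
    # Copy next to the destination, then rename, so sudo never reads a partial file.
    cp "$candidate" "$tmp" && chmod 0440 "$tmp" && mv -f "$tmp" "$dest" || {
        rm -f "$tmp"
        return 3
    }
}
```

This function does not take the F<sudoers.tmp> lock that an interactive B<visudo> session holds, so it suits files that only automation writes.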
! 114: =head1 ENVIRONMENT
! 115:
! 116: The following environment variables may be consulted depending on
! 117: the value of the I<editor> and I<env_editor> I<sudoers> variables:
! 118:
! 119: =over 16
! 120:
! 121: =item C<VISUAL>
! 122:
! 123: Invoked by visudo as the editor to use
! 124:
! 125: =item C<EDITOR>
! 126:
! 127: Used by visudo if VISUAL is not set
! 128:
! 129: =back
! 130:
! 131: =head1 FILES
! 132:
! 133: =over 24
! 134:
! 135: =item F<@sysconfdir@/sudoers>
! 136:
! 137: List of who can run what
! 138:
! 139: =item F<@sysconfdir@/sudoers.tmp>
! 140:
! 141: Lock file for visudo
! 142:
! 143: =back
! 144:
! 145: =head1 DIAGNOSTICS
! 146:
! 147: =over 4
! 148:
! 149: =item sudoers file busy, try again later.
! 150:
! 151: Someone else is currently editing the I<sudoers> file.
! 152:
! 153: =item @sysconfdir@/sudoers.tmp: Permission denied
! 154:
! 155: You didn't run B<visudo> as root.
! 156:
! 157: =item Can't find you in the passwd database
! 158:
! 159: Your userid does not appear in the system passwd file.
! 160:
! 161: =item Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined
! 162:
! 163: Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
! 164: or you have a user or host name listed that consists solely of
! 165: uppercase letters, digits, and the underscore ('_') character. In
! 166: the latter case, you can ignore the warnings (B<sudo> will not
! 167: complain). In B<-s> (strict) mode these are errors, not warnings.
! 168:
! 169: =item Warning: unused {User,Runas,Host,Cmnd}_Alias
! 170:
! 171: The specified {User,Runas,Host,Cmnd}_Alias was defined but never
! 172: used. You may wish to comment out or remove the unused alias. In
! 173: B<-s> (strict) mode this is an error, not a warning.
! 174:
! 175: =item Warning: cycle in {User,Runas,Host,Cmnd}_Alias
! 176:
! 177: The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
! 178: itself, either directly or through an alias it includes. This is
! 179: only a warning by default as B<sudo> will ignore cycles when parsing
! 180: the I<sudoers> file.
! 181:
! 182: =back
! 183:
! 184: =head1 SEE ALSO
! 185:
! 186: L<vi(1)>, L<sudoers(5)>, L<sudo(8)>, L<vipw(8)>
! 187:
! 188: =head1 AUTHOR
! 189:
! 190: Many people have worked on I<sudo> over the years; this version of
! 191: B<visudo> was written by:
! 192:
! 193: Todd Miller
! 194:
! 195: See the HISTORY file in the sudo distribution or visit
! 196: http://www.sudo.ws/sudo/history.html for more details.
! 197:
! 198: =head1 CAVEATS
! 199:
! 200: There is no easy way to prevent a user from gaining a root shell if
! 201: the editor used by B<visudo> allows shell escapes.
! 202:
! 203: =head1 BUGS
! 204:
! 205: If you feel you have found a bug in B<visudo>, please submit a bug report
! 206: at http://www.sudo.ws/sudo/bugs/
! 207:
! 208: =head1 SUPPORT
! 209:
! 210: Limited free support is available via the sudo-users mailing list,
! 211: see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
! 212: search the archives.
! 213:
! 214: =head1 DISCLAIMER
! 215:
! 216: B<visudo> is provided ``AS IS'' and any express or implied warranties,
! 217: including, but not limited to, the implied warranties of merchantability
! 218: and fitness for a particular purpose are disclaimed. See the LICENSE
! 219: file distributed with B<sudo> or http://www.sudo.ws/sudo/license.html
! 220: for complete details.