| |
| |
| |
| VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) |
| |
| |
| NNAAMMEE |
| visudo - edit the sudoers file |
| |
| SSYYNNOOPPSSIISS |
| vviissuuddoo [--cc] [--qq] [--ss] [--VV] [--ff _s_u_d_o_e_r_s] |
| |
| DDEESSCCRRIIPPTTIIOONN |
| vviissuuddoo edits the _s_u_d_o_e_r_s file in a safe fashion, analogous to _v_i_p_w(1m). |
| vviissuuddoo locks the _s_u_d_o_e_r_s file against multiple simultaneous edits, |
| provides basic sanity checks, and checks for parse errors. If the |
| _s_u_d_o_e_r_s file is currently being edited you will receive a message to |
| try again later. |
| |
| There is a hard-coded list of one or more editors that vviissuuddoo will use |
| set at compile-time that may be overridden via the _e_d_i_t_o_r _s_u_d_o_e_r_s |
| Default variable. This list defaults to "vi". Normally, vviissuuddoo does |
| not honor the VISUAL or EDITOR environment variables unless they |
| contain an editor in the aforementioned editors list. However, if |
| vviissuuddoo is configured with the _-_-_w_i_t_h_-_e_n_v_-_e_d_i_t_o_r option or the |
| _e_n_v___e_d_i_t_o_r Default variable is set in _s_u_d_o_e_r_s, vviissuuddoo will use any the |
| editor defines by VISUAL or EDITOR. Note that this can be a security |
| hole since it allows the user to execute any program they wish simply |
| by setting VISUAL or EDITOR. |
| |
| vviissuuddoo parses the _s_u_d_o_e_r_s file after the edit and will not save the |
| changes if there is a syntax error. Upon finding an error, vviissuuddoo will |
| print a message stating the line number(s) where the error occurred and |
| the user will receive the "What now?" prompt. At this point the user |
| may enter "e" to re-edit the _s_u_d_o_e_r_s file, "x" to exit without saving |
| the changes, or "Q" to quit and save changes. The "Q" option should be |
| used with extreme care because if vviissuuddoo believes there to be a parse |
| error, so will ssuuddoo and no one will be able to ssuuddoo again until the |
| error is fixed. If "e" is typed to edit the _s_u_d_o_e_r_s file after a |
| parse error has been detected, the cursor will be placed on the line |
| where the error occurred (if the editor supports this feature). |
| |
| OOPPTTIIOONNSS |
| vviissuuddoo accepts the following command line options: |
| |
| -c Enable cchheecckk--oonnllyy mode. The existing _s_u_d_o_e_r_s file will be |
| checked for syntax and a message will be printed to the |
| standard output detailing the status of _s_u_d_o_e_r_s. If the |
| syntax check completes successfully, vviissuuddoo will exit with |
| a value of 0. If a syntax error is encountered, vviissuuddoo |
| will exit with a value of 1. |
| |
| -f _s_u_d_o_e_r_s Specify and alternate _s_u_d_o_e_r_s file location. With this |
| option vviissuuddoo will edit (or check) the _s_u_d_o_e_r_s file of your |
| choice, instead of the default, _/_e_t_c_/_s_u_d_o_e_r_s. The lock |
| file used is the specified _s_u_d_o_e_r_s file with ".tmp" |
| appended to it. |
| |
| -q Enable qquuiieett mode. In this mode details about syntax |
| errors are not printed. This option is only useful when |
| |
| |
| |
| 1.7.4 July 14, 2010 1 |
| |
| |
| |
| |
| |
| VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) |
| |
| |
| combined with the --cc option. |
| |
| -s Enable ssttrriicctt checking of the _s_u_d_o_e_r_s file. If an alias is |
| used before it is defined, vviissuuddoo will consider this a |
| parse error. Note that it is not possible to differentiate |
| between an alias and a host name or user name that consists |
| solely of uppercase letters, digits, and the underscore |
| ('_') character. |
| |
| -V The --VV (version) option causes vviissuuddoo to print its version |
| number and exit. |
| |
| EENNVVIIRROONNMMEENNTT |
| The following environment variables may be consulted depending on the |
| value of the _e_d_i_t_o_r and _e_n_v___e_d_i_t_o_r _s_u_d_o_e_r_s variables: |
| |
| VISUAL Invoked by visudo as the editor to use |
| |
| EDITOR Used by visudo if VISUAL is not set |
| |
| FFIILLEESS |
| _/_e_t_c_/_s_u_d_o_e_r_s List of who can run what |
| |
| _/_e_t_c_/_s_u_d_o_e_r_s_._t_m_p Lock file for visudo |
| |
| DDIIAAGGNNOOSSTTIICCSS |
| sudoers file busy, try again later. |
| Someone else is currently editing the _s_u_d_o_e_r_s file. |
| |
| /etc/sudoers.tmp: Permission denied |
| You didn't run vviissuuddoo as root. |
| |
| Can't find you in the passwd database |
| Your userid does not appear in the system passwd file. |
| |
| Warning: {User,Runas,Host,Cmnd}_Alias referenced but not defined |
| Either you are trying to use an undeclare |
| {User,Runas,Host,Cmnd}_Alias or you have a user or host name listed |
| that consists solely of uppercase letters, digits, and the |
| underscore ('_') character. In the latter case, you can ignore the |
| warnings (ssuuddoo will not complain). In --ss (strict) mode these are |
| errors, not warnings. |
| |
| Warning: unused {User,Runas,Host,Cmnd}_Alias |
| The specified {User,Runas,Host,Cmnd}_Alias was defined but never |
| used. You may wish to comment out or remove the unused alias. In |
| --ss (strict) mode this is an error, not a warning. |
| |
| SSEEEE AALLSSOO |
| _v_i(1), _s_u_d_o_e_r_s(4), _s_u_d_o(1m), _v_i_p_w(8) |
| |
| AAUUTTHHOORR |
| Many people have worked on _s_u_d_o over the years; this version of vviissuuddoo |
| was written by: |
| |
| |
| |
| 1.7.4 July 14, 2010 2 |
| |
| |
| |
| |
| |
| VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m) |
| |
| |
| Todd Miller |
| |
| See the HISTORY file in the sudo distribution or visit |
| http://www.sudo.ws/sudo/history.html for more details. |
| |
| CCAAVVEEAATTSS |
| There is no easy way to prevent a user from gaining a root shell if the |
| editor used by vviissuuddoo allows shell escapes. |
| |
| BBUUGGSS |
| If you feel you have found a bug in vviissuuddoo, please submit a bug report |
| at http://www.sudo.ws/sudo/bugs/ |
| |
| SSUUPPPPOORRTT |
| Limited free support is available via the sudo-users mailing list, see |
| http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or search |
| the archives. |
| |
| DDIISSCCLLAAIIMMEERR |
| vviissuuddoo is provided ``AS IS'' and any express or implied warranties, |
| including, but not limited to, the implied warranties of |
| merchantability and fitness for a particular purpose are disclaimed. |
| See the LICENSE file distributed with ssuuddoo or |
| http://www.sudo.ws/sudo/license.html for complete details. |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| 1.7.4 July 14, 2010 3 |
| |
| |