1 .\" DO NOT EDIT THIS FILE, IT IS NOT THE MASTER!
2 .\" IT IS GENERATED AUTOMATICALLY FROM visudo.mdoc.in
4 .\" Copyright (c) 1996,1998-2005, 2007-2015
5 .\" Todd C. Miller <Todd.Miller@courtesan.com>
7 .\" Permission to use, copy, modify, and distribute this software for any
8 .\" purpose with or without fee is hereby granted, provided that the above
9 .\" copyright notice and this permission notice appear in all copies.
11 .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12 .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13 .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14 .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15 .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18 .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
20 .\" Sponsored in part by the Defense Advanced Research Projects
21 .\" Agency (DARPA) and Air Force Research Laboratory, Air Force
22 .\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
24 .TH "VISUDO" "8" "November 20, 2015" "Sudo 1.8.17" "System Manager's Manual"
29 \- edit the sudoers file
34 [\fB\-f\fR\ \fIsudoers\fR]
35 [\fB\-x\fR\ \fIoutput_file\fR]
40 file in a safe fashion, analogous to
45 file against multiple simultaneous edits, provides basic sanity checks,
46 and checks for parse errors.
49 file is currently being edited you will receive a message to try again later.
51 There is a hard-coded list of one or more editors that
53 will use set at compile-time that may be overridden via the
66 environment variables unless they contain an editor in the aforementioned
70 is configured with the
71 \fR--with-env-editor\fR
78 will use any the editor defines by
82 Note that this can be a security hole since it allows the user to
83 execute any program they wish simply by setting
91 file after the edit and will
92 not save the changes if there is a syntax error.
93 Upon finding an error,
95 will print a message stating the line number(s)
96 where the error occurred and the user will receive the
99 At this point the user may enter
105 to exit without saving the changes, or
107 to quit and save changes.
110 option should be used with extreme care because if
112 believes there to be a parse error, so will
117 again until the error is fixed.
122 file after a parse error has been detected, the cursor will be placed on
123 the line where the error occurred (if the editor supports this feature).
125 The options are as follows:
127 \fB\-c\fR, \fB\--check\fR
134 checked for syntax errors, owner and mode.
135 A message will be printed to the standard output describing the status of
139 option was specified.
140 If the check completes successfully,
142 will exit with a value of 0.
143 If an error is encountered,
145 will exit with a value of 1.
147 \fB\-f\fR \fIsudoers\fR, \fB\--file\fR=\fIsudoers\fR
153 will edit (or check) the
156 instead of the default,
158 The lock file used is the specified
165 mode only, the argument to
171 will be read from the standard input.
173 \fB\-h\fR, \fB\--help\fR
174 Display a short help message to the standard output and exit.
176 \fB\-q\fR, \fB\--quiet\fR
180 In this mode details about syntax errors are not printed.
181 This option is only useful when combined with
186 \fB\-s\fR, \fB\--strict\fR
192 If an alias is used before it is defined,
194 will consider this a parse error.
195 Note that it is not possible to differentiate between an
196 alias and a host name or user name that consists solely of uppercase
197 letters, digits, and the underscore
201 \fB\-V\fR, \fB\--version\fR
206 grammar versions and exit.
208 \fB\-x\fR \fIoutput_file\fR, \fB\--export\fR=\fIoutput_file\fR
211 in JSON format and write it to
219 policy will be written to the standard output.
222 (and any files it includes) will be exported.
225 option can be used to specify a different
228 The exported format is intended to be easier for third-party
229 applications to parse than the traditional
232 The various values have explicit types which removes much of the
236 .SS "Debugging and sudoers plugin arguments"
238 versions 1.8.4 and higher support a flexible debugging framework
239 that is configured via
249 will also parse the arguments to the
251 plugin to override the default
253 path name, UID, GID and file mode.
254 These arguments, if present, should be listed after the path to the plugin
257 Multiple arguments may be specified, separated by white space.
262 Plugin sudoers_policy sudoers.so sudoers_mode=0400
266 The following arguments are supported:
268 sudoers_file=pathname
271 argument can be used to override the default path to the
278 argument can be used to override the default owner of the sudoers file.
279 It should be specified as a numeric user ID.
284 argument can be used to override the default group of the sudoers file.
285 It must be specified as a numeric group ID (not a group name).
290 argument can be used to override the default file mode for the sudoers file.
291 It should be specified as an octal value.
293 For more information on configuring
295 please refer to its manual.
297 The following environment variables may be consulted depending on
319 Sudo front end configuration
322 List of who can run what
324 \fI/etc/sudoers.tmp\fR
328 \fRsudoers file busy, try again later.\fR
329 Someone else is currently editing the
333 \fR/etc/sudoers.tmp: Permission denied\fR
338 \fRCan't find you in the passwd database\fR
339 Your user ID does not appear in the system passwd file.
341 \fRWarning: {User,Runas,Host,Cmnd}_Alias referenced but not defined\fR
342 Either you are trying to use an undeclared {User,Runas,Host,Cmnd}_Alias
343 or you have a user or host name listed that consists solely of
344 uppercase letters, digits, and the underscore
347 In the latter case, you can ignore the warnings
353 (strict) mode these are errors, not warnings.
355 \fRWarning: unused {User,Runas,Host,Cmnd}_Alias\fR
356 The specified {User,Runas,Host,Cmnd}_Alias was defined but never
358 You may wish to comment out or remove the unused alias.
360 \fRWarning: cycle in {User,Runas,Host,Cmnd}_Alias\fR
361 The specified {User,Runas,Host,Cmnd}_Alias includes a reference to
362 itself, either directly or through an alias it includes.
363 This is only a warning by default as
365 will ignore cycles when parsing
370 \fRvisudo: /etc/sudoers: input and output files must be different\fR
373 flag was used and the specified
375 has the same path name as the
385 Many people have worked on
387 over the years; this version consists of code written primarily by:
393 See the CONTRIBUTORS file in the
395 distribution (https://www.sudo.ws/contributors.html) for an
396 exhaustive list of people who have contributed to
399 There is no easy way to prevent a user from gaining a root shell if
402 allows shell escapes.
404 If you feel you have found a bug in
406 please submit a bug report at https://bugzilla.sudo.ws/
408 Limited free support is available via the sudo-users mailing list,
409 see https://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
415 and any express or implied warranties, including, but not limited
416 to, the implied warranties of merchantability and fitness for a
417 particular purpose are disclaimed.
418 See the LICENSE file distributed with
420 or https://www.sudo.ws/license.html for complete details.