visudo [ -c ] [ -f sudoers ] [ -q ] [ -s ] [ -V ]
Locks and edits sudoers
, providing sanity checks and parses for errors.
check sudoers for syntax
| |||||||
|
Upon finding an error,
The lock file is
See: vi(1), sudoers, sudo(8), vipw(8)
Caveats:visudo
will use vi
as the editor*
visudo
prints a message stating the line number(s) of the error
and "What now?" may enter "e" to
re-edit the sudoers file, "x" to exit without saving the changes, or "Q" to quit and save changes.
The "Q" option should be used with extreme care because if visudo believes there to be a parse error,
so will sudo and no one will be able to sudo again until the error is fixed. If "e" is typed to edit
the sudoers file after a parse error has been detected, the cursor will be placed on the line where
the error occurred (if the editor supports this feature).
ENVIRONMENT
These environment variables are used only if visudo was configured with the --with-env-editor
option:
FILES
/private/etc/sudoers.tmp
Lock file
/private/etc/sudoers
List of who can run what
#no Host alias specification
#no User alias specification
#no Cmnd alias specification
# Defaults specification
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
#no Runas alias specification
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now
sudoers
with .tmp
appended.
DIAGNOSTICS
A syntax error in sudoers
sets return code to 1 .
Warning: undeclared Alias referenced near ...
Either a {User,Runas,Host,Cmnd
}_Alias
is used before it's definition or
there is a user or hostname listed that consists solely of uppercase letters, digits, and the underscore ('_') character.
This can be ignored
With -s
(strict) these considered are errors.
Warning: runas_default set after old value is in use ...
Entries prior to runas_default
will match based on the default value root
Entries afterward will match based on the new value.
This is usually unintentional
The runas_default
should be before Runas_Alias or User
.
With -s
(strict) this is an error.
sudo.ws/sudo/history.html