])dnl
dnl
-dnl check for vi
-dnl
-AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING(for vi)
-if test -f "/usr/bin/vi"; then
- AC_MSG_RESULT(/usr/bin/vi)
- SUDO_DEFINE(_PATH_VI, "/usr/bin/vi")
-elif test -f "/usr/ucb/vi"; then
- AC_MSG_RESULT(/usr/ucb/vi)
- SUDO_DEFINE(_PATH_VI, "/usr/ucb/vi")
-elif test -f "/usr/bsd/vi"; then
- AC_MSG_RESULT(/usr/bsd/vi)
- SUDO_DEFINE(_PATH_VI, "/usr/bsd/vi")
-elif test -f "/bin/vi"; then
- AC_MSG_RESULT(/bin/vi)
- SUDO_DEFINE(_PATH_VI, "/bin/vi")
-elif test -f "/usr/local/bin/vi"; then
- AC_MSG_RESULT(/usr/local/bin/vi)
- SUDO_DEFINE(_PATH_VI, "/usr/local/bin/vi")
-else
+dnl check for vi in well-known locations
+dnl
+AC_DEFUN(SUDO_PROG_VI, [AC_MSG_CHECKING([for vi])
+found=no
+for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
+ if test -f "$editor"; then
+ found=yes
+ AC_MSG_RESULT([$editor])
+ SUDO_DEFINE_UNQUOTED(_PATH_VI, "$editor")
+ break
+ fi
+done
+if test X"$found" != X"no"; then
AC_MSG_RESULT(not found)
fi
])dnl
EXEEXT
ac_ct_CC
CC
+editor
secure_path
netsvc_conf
nsswitch_conf
+
#
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_editor" >&5
$as_echo "$with_editor" >&6; }
+ editor="$with_editor"
;;
esac
else
yes) as_fn_error "\"--with-askpass takes a path as an argument.\"" "$LINENO" 5
;;
no) ;;
- *)
-cat >>confdefs.h <<_ACEOF
+ *) cat >>confdefs.h <<EOF
#define _PATH_SUDO_ASKPASS "$with_askpass"
-_ACEOF
+EOF
;;
esac
else
lt_cv_nm_interface="BSD nm"
echo "int some_variable = 0;" > conftest.$ac_ext
- (eval echo "\"\$as_me:6628: $ac_compile\"" >&5)
+ (eval echo "\"\$as_me:6630: $ac_compile\"" >&5)
(eval "$ac_compile" 2>conftest.err)
cat conftest.err >&5
- (eval echo "\"\$as_me:6631: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval echo "\"\$as_me:6633: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
(eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
cat conftest.err >&5
- (eval echo "\"\$as_me:6634: output\"" >&5)
+ (eval echo "\"\$as_me:6636: output\"" >&5)
cat conftest.out >&5
if $GREP 'External.*some_variable' conftest.out > /dev/null; then
lt_cv_nm_interface="MS dumpbin"
;;
*-*-irix6*)
# Find out which ABI we are using.
- echo '#line 7839 "configure"' > conftest.$ac_ext
+ echo '#line 7841 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9232: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9234: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9236: \$? = $ac_status" >&5
+ echo "$as_me:9238: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9571: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9573: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
- echo "$as_me:9575: \$? = $ac_status" >&5
+ echo "$as_me:9577: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9676: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9678: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9680: \$? = $ac_status" >&5
+ echo "$as_me:9682: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
- (eval echo "\"\$as_me:9731: $lt_compile\"" >&5)
+ (eval echo "\"\$as_me:9733: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
- echo "$as_me:9735: \$? = $ac_status" >&5
+ echo "$as_me:9737: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12098 "configure"
+#line 12100 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<_LT_EOF
-#line 12194 "configure"
+#line 12196 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
if test -z "$with_editor"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for vi" >&5
$as_echo_n "checking for vi... " >&6; }
-if test -f "/usr/bin/vi"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/bin/vi" >&5
-$as_echo "/usr/bin/vi" >&6; }
- cat >>confdefs.h <<\EOF
-#define _PATH_VI "/usr/bin/vi"
-EOF
-
-elif test -f "/usr/ucb/vi"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/ucb/vi" >&5
-$as_echo "/usr/ucb/vi" >&6; }
- cat >>confdefs.h <<\EOF
-#define _PATH_VI "/usr/ucb/vi"
-EOF
-
-elif test -f "/usr/bsd/vi"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/bsd/vi" >&5
-$as_echo "/usr/bsd/vi" >&6; }
- cat >>confdefs.h <<\EOF
-#define _PATH_VI "/usr/bsd/vi"
-EOF
-
-elif test -f "/bin/vi"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: /bin/vi" >&5
-$as_echo "/bin/vi" >&6; }
- cat >>confdefs.h <<\EOF
-#define _PATH_VI "/bin/vi"
-EOF
-
-elif test -f "/usr/local/bin/vi"; then
- { $as_echo "$as_me:${as_lineno-$LINENO}: result: /usr/local/bin/vi" >&5
-$as_echo "/usr/local/bin/vi" >&6; }
- cat >>confdefs.h <<\EOF
-#define _PATH_VI "/usr/local/bin/vi"
+found=no
+for editor in "/usr/bin/vi" "/bin/vi" "/usr/ucb/vi" "/usr/bsd/vi" "/usr/local/bin/vi"; do
+ if test -f "$editor"; then
+ found=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $editor" >&5
+$as_echo "$editor" >&6; }
+ cat >>confdefs.h <<EOF
+#define _PATH_VI "$editor"
EOF
-else
+ break
+ fi
+done
+if test X"$found" != X"no"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: not found" >&5
$as_echo "not found" >&6; }
fi
INSTALL_NOEXEC="install-noexec"
eval noexec_file="$with_noexec"
-
-cat >>confdefs.h <<_ACEOF
+ cat >>confdefs.h <<EOF
#define _PATH_SUDO_NOEXEC "$noexec_file"
-_ACEOF
+EOF
fi
if test X"$with_selinux" != X"no"; then
eval sesh_file="$libexecdir/sesh"
-
-cat >>confdefs.h <<_ACEOF
+ cat >>confdefs.h <<EOF
#define _PATH_SUDO_SESH "$sesh_file"
-_ACEOF
+EOF
fi
exec_prefix="$oexec_prefix"
AC_SUBST([nsswitch_conf])
AC_SUBST([netsvc_conf])
AC_SUBST([secure_path])
+AC_SUBST([editor])
#
# Begin initial values for man page substitution
#
fqdn=off
runas_default=root
env_editor=off
+editor=vi
passwd_tries=3
tty_tickets=off
insults=off
;;
*) AC_DEFINE_UNQUOTED(EDITOR, "$with_editor", [A colon-separated list of pathnames to be used as the editor for visudo.])
AC_MSG_RESULT([$with_editor])
+ editor="$with_editor"
;;
esac], [AC_DEFINE(EDITOR, _PATH_VI) AC_MSG_RESULT(vi)])
yes) AC_MSG_ERROR(["--with-askpass takes a path as an argument."])
;;
no) ;;
- *) AC_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
+ *) SUDO_DEFINE_UNQUOTED(_PATH_SUDO_ASKPASS, "$with_askpass", [The fully qualified pathname of askpass])
;;
esac], AC_MSG_RESULT(no))
INSTALL_NOEXEC="install-noexec"
eval noexec_file="$with_noexec"
- AC_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_NOEXEC, "$noexec_file", [The fully qualified pathname of sudo_noexec.so])
fi
if test X"$with_selinux" != X"no"; then
eval sesh_file="$libexecdir/sesh"
- AC_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
+ SUDO_DEFINE_UNQUOTED(_PATH_SUDO_SESH, "$sesh_file", [The fully qualified pathname of sesh])
fi
exec_prefix="$oexec_prefix"
fi
-1.7.4 July 12, 2010 1
+1.7.4 July 14, 2010 1
-1.7.4 July 12, 2010 2
+1.7.4 July 14, 2010 2
-1.7.4 July 12, 2010 3
+1.7.4 July 14, 2010 3
-1.7.4 July 12, 2010 4
+1.7.4 July 14, 2010 4
-1.7.4 July 12, 2010 5
+1.7.4 July 14, 2010 5
-1.7.4 July 12, 2010 6
+1.7.4 July 14, 2010 6
-1.7.4 July 12, 2010 7
+1.7.4 July 14, 2010 7
-1.7.4 July 12, 2010 8
+1.7.4 July 14, 2010 8
-1.7.4 July 12, 2010 9
+1.7.4 July 14, 2010 9
-1.7.4 July 12, 2010 10
+1.7.4 July 14, 2010 10
-1.7.4 July 12, 2010 11
+1.7.4 July 14, 2010 11
-1.7.4 July 12, 2010 12
+1.7.4 July 14, 2010 12
-1.7.4 July 12, 2010 13
+1.7.4 July 14, 2010 13
-1.7.4 July 12, 2010 14
+1.7.4 July 14, 2010 14
-1.7.4 July 12, 2010 15
+1.7.4 July 14, 2010 15
used with v\bvi\bis\bsu\bud\bdo\bo. v\bvi\bis\bsu\bud\bdo\bo will choose the editor that
matches the user's EDITOR environment variable if
possible, or the first editor in the list that exists
- and is executable. The default is the path to vi on
- your system.
+ and is executable. The default is "vi".
mailsub Subject of the mail sent to the _\bm_\ba_\bi_\bl_\bt_\bo user. The escape
%h will expand to the host name of the machine.
-1.7.4 July 12, 2010 16
+
+1.7.4 July 14, 2010 16
-1.7.4 July 12, 2010 17
+1.7.4 July 14, 2010 17
-1.7.4 July 12, 2010 18
+1.7.4 July 14, 2010 18
-1.7.4 July 12, 2010 19
+1.7.4 July 14, 2010 19
-1.7.4 July 12, 2010 20
+1.7.4 July 14, 2010 20
E\bEX\bXA\bAM\bMP\bPL\bLE\bES\bS
Below are example _\bs_\bu_\bd_\bo_\be_\br_\bs entries. Admittedly, some of these are a bit
- contrived. First, we define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
+ contrived. First, we allow a few environment variables to pass and
+ then define our _\ba_\bl_\bi_\ba_\bs_\be_\bs:
+
+ # Run X applications through sudo; HOME is used to find .Xauthority file
+ # Note that some programs may use HOME for other purposes too and
+ # this may lead to privilege escalation!
+ Defaults env_keep = "DISPLAY HOME"
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
- /usr/local/bin/tcsh, /usr/bin/rsh, \
- /usr/local/bin/zsh
- Cmnd_Alias SU = /usr/bin/su
- Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
-
- Here we override some of the compiled in default values. We want s\bsu\bud\bdo\bo
-1.7.4 July 12, 2010 21
+1.7.4 July 14, 2010 21
SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ /usr/local/bin/tcsh, /usr/bin/rsh, \
+ /usr/local/bin/zsh
+ Cmnd_Alias SU = /usr/bin/su
+ Cmnd_Alias PAGERS = /usr/bin/more, /usr/bin/pg, /usr/bin/less
+
+ Here we override some of the compiled in default values. We want s\bsu\bud\bdo\bo
to log via _\bs_\by_\bs_\bl_\bo_\bg(3) using the _\ba_\bu_\bt_\bh facility in all cases. We don't
want to subject the full time staff to the s\bsu\bud\bdo\bo lecture, user m\bmi\bil\bll\ble\ber\brt\bt
need not give a password, and we don't want to reset the LOGNAME, USER
lisa CUNETS = ALL
- The user l\bli\bis\bsa\ba may run any command on any host in the _\bC_\bU_\bN_\bE_\bT_\bS alias (the
- class B network 128.138.0.0).
- operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
- sudoedit /etc/printcap, /usr/oper/bin/
+1.7.4 July 14, 2010 22
-1.7.4 July 12, 2010 22
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ The user l\bli\bis\bsa\ba may run any command on any host in the _\bC_\bU_\bN_\bE_\bT_\bS alias (the
+ class B network 128.138.0.0).
+ operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
+ sudoedit /etc/printcap, /usr/oper/bin/
The o\bop\bpe\ber\bra\bat\bto\bor\br user may run commands limited to simple maintenance.
Here, those are commands related to backups, killing processes, the
jen ALL, !SERVERS = ALL
- The user j\bje\ben\bn may run any command on any machine except for those in the
- _\bS_\bE_\bR_\bV_\bE_\bR_\bS Host_Alias (master, mail, www and ns).
- jill SERVERS = /usr/bin/, !SU, !SHELLS
- For any machine in the _\bS_\bE_\bR_\bV_\bE_\bR_\bS Host_Alias, j\bji\bil\bll\bl may run any commands in
+1.7.4 July 14, 2010 23
-1.7.4 July 12, 2010 23
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ The user j\bje\ben\bn may run any command on any machine except for those in the
+ _\bS_\bE_\bR_\bV_\bE_\bR_\bS Host_Alias (master, mail, www and ns).
+ jill SERVERS = /usr/bin/, !SU, !SHELLS
+ For any machine in the _\bS_\bE_\bR_\bV_\bE_\bR_\bS Host_Alias, j\bji\bil\bll\bl may run any commands in
the directory _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn_\b/ except for those commands belonging to the _\bS_\bU
and _\bS_\bH_\bE_\bL_\bL_\bS Cmnd_Aliases.
an inconvenience for rules that grant privileges, it can result in a
security issue for rules that subtract or revoke privileges.
- For example, given the following _\bs_\bu_\bd_\bo_\be_\br_\bs entry:
- john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,
- /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root
- User j\bjo\boh\bhn\bn can still run /usr/bin/passwd root if _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb is enabled by
+1.7.4 July 14, 2010 24
-1.7.4 July 12, 2010 24
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ For example, given the following _\bs_\bu_\bd_\bo_\be_\br_\bs entry:
+ john ALL = /usr/bin/passwd [a-zA-Z0-9]*, /usr/bin/chsh [a-zA-Z0-9]*,
+ /usr/bin/chfn [a-zA-Z0-9]*, !/usr/bin/* root
+ User j\bjo\boh\bhn\bn can still run /usr/bin/passwd root if _\bf_\ba_\bs_\bt_\b__\bg_\bl_\bo_\bb is enabled by
changing to _\b/_\bu_\bs_\br_\b/_\bb_\bi_\bn and running ./passwd root instead.
P\bPR\bRE\bEV\bVE\bEN\bNT\bTI\bIN\bNG\bG S\bSH\bHE\bEL\bLL\bL E\bES\bSC\bCA\bAP\bPE\bES\bS
systems that support the LD_PRELOAD environment variable.
Check your operating system's manual pages for the dynamic
linker (usually ld.so, ld.so.1, dyld, dld.sl, rld, or loader)
- to see if LD_PRELOAD is supported.
- To enable _\bn_\bo_\be_\bx_\be_\bc for a command, use the NOEXEC tag as
- documented in the User Specification section above. Here is
- that example again:
+1.7.4 July 14, 2010 25
-1.7.4 July 12, 2010 25
+SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
-SUDOERS(4) MAINTENANCE COMMANDS SUDOERS(4)
+ to see if LD_PRELOAD is supported.
+ To enable _\bn_\bo_\be_\bx_\be_\bc for a command, use the NOEXEC tag as
+ documented in the User Specification section above. Here is
+ that example again:
aaron shanty = NOEXEC: /usr/bin/more, /usr/bin/vi
-
-
-
-
-
-
-1.7.4 July 12, 2010 26
+1.7.4 July 14, 2010 26
.\" ========================================================================
.\"
.IX Title "SUDOERS @mansectform@"
-.TH SUDOERS @mansectform@ "July 12, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.TH SUDOERS @mansectform@ "July 14, 2010" "1.7.4" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
A colon (':') separated list of editors allowed to be used with
\&\fBvisudo\fR. \fBvisudo\fR will choose the editor that matches the user's
\&\s-1EDITOR\s0 environment variable if possible, or the first editor in the
-list that exists and is executable. The default is the path to vi
-on your system.
+list that exists and is executable. The default is \f(CW"@editor@"\fR.
.IP "mailsub" 16
.IX Item "mailsub"
Subject of the mail sent to the \fImailto\fR user. The escape \f(CW%h\fR
.SH "EXAMPLES"
.IX Header "EXAMPLES"
Below are example \fIsudoers\fR entries. Admittedly, some of
-these are a bit contrived. First, we define our \fIaliases\fR:
+these are a bit contrived. First, we allow a few environment
+variables to pass and then define our \fIaliases\fR:
.PP
.Vb 4
+\& # Run X applications through sudo; HOME is used to find .Xauthority file
+\& # Note that some programs may use HOME for other purposes too and
+\& # this may lead to privilege escalation!
+\& Defaults env_keep = "DISPLAY HOME"
+\&
\& # User alias specification
\& User_Alias FULLTIMERS = millert, mikef, dowdy
\& User_Alias PARTTIMERS = bostley, jwfox, crawl
A colon (':') separated list of editors allowed to be used with
B<visudo>. B<visudo> will choose the editor that matches the user's
EDITOR environment variable if possible, or the first editor in the
-list that exists and is executable. The default is the path to vi
-on your system.
+list that exists and is executable. The default is C<"@editor@">.
=item mailsub
=head1 EXAMPLES
Below are example I<sudoers> entries. Admittedly, some of
-these are a bit contrived. First, we define our I<aliases>:
+these are a bit contrived. First, we allow a few environment
+variables to pass and then define our I<aliases>:
+
+ # Run X applications through sudo; HOME is used to find .Xauthority file
+ # Note that some programs may use HOME for other purposes too and
+ # this may lead to privilege escalation!
+ Defaults env_keep = "DISPLAY HOME"
# User alias specification
User_Alias FULLTIMERS = millert, mikef, dowdy
_\bs_\bu_\bd_\bo_\be_\br_\bs file is currently being edited you will receive a message to
try again later.
- There is a hard-coded list of editors that v\bvi\bis\bsu\bud\bdo\bo will use set at
- compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs Default
- variable. This list defaults to the path to _\bv_\bi(1) on your system, as
- determined by the _\bc_\bo_\bn_\bf_\bi_\bg_\bu_\br_\be script. Normally, v\bvi\bis\bsu\bud\bdo\bo does not honor
- the VISUAL or EDITOR environment variables unless they contain an
- editor in the aforementioned editors list. However, if v\bvi\bis\bsu\bud\bdo\bo is
- configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\be_\bd_\bi_\bt_\bo_\br option or the _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br Default
- variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any the editor defines by
- VISUAL or EDITOR. Note that this can be a security hole since it
- allows the user to execute any program they wish simply by setting
- VISUAL or EDITOR.
+ There is a hard-coded list of one or more editors that v\bvi\bis\bsu\bud\bdo\bo will use
+ set at compile-time that may be overridden via the _\be_\bd_\bi_\bt_\bo_\br _\bs_\bu_\bd_\bo_\be_\br_\bs
+ Default variable. This list defaults to "vi". Normally, v\bvi\bis\bsu\bud\bdo\bo does
+ not honor the VISUAL or EDITOR environment variables unless they
+ contain an editor in the aforementioned editors list. However, if
+ v\bvi\bis\bsu\bud\bdo\bo is configured with the _\b-_\b-_\bw_\bi_\bt_\bh_\b-_\be_\bn_\bv_\b-_\be_\bd_\bi_\bt_\bo_\br option or the
+ _\be_\bn_\bv_\b__\be_\bd_\bi_\bt_\bo_\br Default variable is set in _\bs_\bu_\bd_\bo_\be_\br_\bs, v\bvi\bis\bsu\bud\bdo\bo will use any the
+ editor defines by VISUAL or EDITOR. Note that this can be a security
+ hole since it allows the user to execute any program they wish simply
+ by setting VISUAL or EDITOR.
v\bvi\bis\bsu\bud\bdo\bo parses the _\bs_\bu_\bd_\bo_\be_\br_\bs file after the edit and will not save the
changes if there is a syntax error. Upon finding an error, v\bvi\bis\bsu\bud\bdo\bo will
appended to it.
-q Enable q\bqu\bui\bie\bet\bt mode. In this mode details about syntax
+ errors are not printed. This option is only useful when
-1.7.4 July 12, 2010 1
+1.7.4 July 14, 2010 1
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
- errors are not printed. This option is only useful when
combined with the -\b-c\bc option.
-s Enable s\bst\btr\bri\bic\bct\bt checking of the _\bs_\bu_\bd_\bo_\be_\br_\bs file. If an alias is
A\bAU\bUT\bTH\bHO\bOR\bR
Many people have worked on _\bs_\bu_\bd_\bo over the years; this version of v\bvi\bis\bsu\bud\bdo\bo
+ was written by:
-1.7.4 July 12, 2010 2
+1.7.4 July 14, 2010 2
VISUDO(1m) MAINTENANCE COMMANDS VISUDO(1m)
- was written by:
-
Todd Miller
See the HISTORY file in the sudo distribution or visit
-1.7.4 July 12, 2010 3
+
+
+1.7.4 July 14, 2010 3
.\" ========================================================================
.\"
.IX Title "VISUDO @mansectsu@"
-.TH VISUDO @mansectsu@ "July 12, 2010" "1.7.4" "MAINTENANCE COMMANDS"
+.TH VISUDO @mansectsu@ "July 14, 2010" "1.7.4" "MAINTENANCE COMMANDS"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
for parse errors. If the \fIsudoers\fR file is currently being
edited you will receive a message to try again later.
.PP
-There is a hard-coded list of editors that \fBvisudo\fR will use set
-at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
-\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to the path to \fIvi\fR\|(1) on
-your system, as determined by the \fIconfigure\fR script. Normally,
+There is a hard-coded list of one or more editors that \fBvisudo\fR will
+use set at compile-time that may be overridden via the \fIeditor\fR \fIsudoers\fR
+\&\f(CW\*(C`Default\*(C'\fR variable. This list defaults to \f(CW"@editor@"\fR. Normally,
\&\fBvisudo\fR does not honor the \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR environment
variables unless they contain an editor in the aforementioned editors
-list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-enveditor\fR
+list. However, if \fBvisudo\fR is configured with the \fI\-\-with\-env\-editor\fR
option or the \fIenv_editor\fR \f(CW\*(C`Default\*(C'\fR variable is set in \fIsudoers\fR,
\&\fBvisudo\fR will use any the editor defines by \f(CW\*(C`VISUAL\*(C'\fR or \f(CW\*(C`EDITOR\*(C'\fR.
Note that this can be a security hole since it allows the user to
for parse errors. If the I<sudoers> file is currently being
edited you will receive a message to try again later.
-There is a hard-coded list of editors that B<visudo> will use set
-at compile-time that may be overridden via the I<editor> I<sudoers>
-C<Default> variable. This list defaults to the path to L<vi(1)> on
-your system, as determined by the I<configure> script. Normally,
+There is a hard-coded list of one or more editors that B<visudo> will
+use set at compile-time that may be overridden via the I<editor> I<sudoers>
+C<Default> variable. This list defaults to C<"@editor@">. Normally,
B<visudo> does not honor the C<VISUAL> or C<EDITOR> environment
variables unless they contain an editor in the aforementioned editors
-list. However, if B<visudo> is configured with the I<--with-enveditor>
+list. However, if B<visudo> is configured with the I<--with-env-editor>
option or the I<env_editor> C<Default> variable is set in I<sudoers>,
B<visudo> will use any the editor defines by C<VISUAL> or C<EDITOR>.
Note that this can be a security hole since it allows the user to
projects / sudo / commitdiff