as well as plugin-agnostic path names and settings.
.Pp
The
-.Nm sudo.conf
+.Nm
file supports the following directives, described in detail below.
.Bl -tag -width 8n
.It Plugin
are silently ignored.
.Pp
The
-.Nm sudo.conf
+.Nm
file is always parsed in the
.Dq Li C
locale.
.Nm sudo
front end.
Plugins are dynamically loaded based on the contents of
-.Nm sudo.conf .
+.Nm .
.Pp
A
.Li Plugin
This limitation does not apply to I/O plugins.
.Pp
If no
-.Nm sudo.conf
+.Nm
file is present, or if it contains no
.Li Plugin
lines, the
.El
.Ss Other settings
The
-.Nm sudo.conf
+.Nm
file also supports the following front end settings:
.Bl -tag -width 8n
.It disable_coredump
crashes, you may wish to re-enable core dumps by setting
.Dq disable_coredump
to false in
-.Nm sudo.conf
+.Nm
as follows:
.Bd -literal -offset indent
Set disable_coredump false
.PP
The following parameters may be specified by security policy:
.TP 4n
-\fBo\fR
+\fB\(bu\fR
real and effective user ID
.TP 4n
-\fBo\fR
+\fB\(bu\fR
real and effective group ID
.TP 4n
-\fBo\fR
+\fB\(bu\fR
supplementary group IDs
.TP 4n
-\fBo\fR
+\fB\(bu\fR
the environment list
.TP 4n
-\fBo\fR
+\fB\(bu\fR
current working directory
.TP 4n
-\fBo\fR
+\fB\(bu\fR
file creation mode mask (umask)
.TP 4n
-\fBo\fR
+\fB\(bu\fR
SELinux role and type
.TP 4n
-\fBo\fR
+\fB\(bu\fR
Solaris project
.TP 4n
-\fBo\fR
+\fB\(bu\fR
Solaris privileges
.TP 4n
-\fBo\fR
+\fB\(bu\fR
BSD login class
.TP 4n
-\fBo\fR
+\fB\(bu\fR
scheduling priority (aka nice value)
.SS "Process model"
When
.Op Fl u Ar user
.Ar
.Sh DESCRIPTION
-.Nm sudo
+.Nm
allows a permitted user to execute a
.Ar command
as the superuser or another user, as specified by the security
policy.
.Pp
-.Nm sudo
+.Nm
supports a plugin architecture for security policies and input/output
logging.
Third parties can develop and distribute their own policy and I/O
logging plugins to work seamlessly with the
-.Nm sudo
+.Nm
front end.
The default security policy is
.Em sudoers ,
.Pp
The security policy determines what privileges, if any, a user has
to run
-.Nm sudo .
+.Nm .
The policy may require that users authenticate themselves with a
password or another authentication mechanism.
If authentication is required,
-.Nm sudo
+.Nm
will exit if the user's password is not entered within a configurable
time limit.
This limit is policy-specific; the default password prompt timeout
.Pp
Security policies may support credential caching to allow the user
to run
-.Nm sudo
+.Nm
again for a period of time without requiring authentication.
The
.Em sudoers
minutes, unless overridden in
.Xr sudoers @mansectform@ .
By running
-.Nm sudo
+.Nm
with the
.Fl v
option, a user can update the cached credentials without running a
option (described below), is implied.
.Pp
Security policies may log successful and failed attempts to use
-.Nm sudo .
+.Nm .
If an I/O plugin is configured, the running command's input and
output may be logged as well.
.Pp
.Bl -tag -width Fl
.It Fl A , -askpass
Normally, if
-.Nm sudo
+.Nm
requires a password, it will read it from the user's terminal.
If the
.Fl A Pq Em askpass
.Ed
.Pp
If no askpass program is available,
-.Nm sudo
+.Nm
will exit with an error.
.It Fl a Ar type , Fl -auth-type Ns = Ns Ar type
Use the specified BSD authentication
Run the given command in the background.
Note that it is not possible to use shell job control to manipulate
background processes started by
-.Nm sudo .
+.Nm .
Most interactive commands will fail to work properly in background
mode.
.It Fl C Ar num , Fl -close-from Ns = Ns Ar num
before executing a command.
Values less than three are not permitted.
By default,
-.Nm sudo
+.Nm
will close all open file descriptors other than standard input,
standard output and standard error when executing a command.
The security policy may restrict the user's ability to use this option.
.Cm - ,
the default login class of the target user will be used.
Otherwise, the command must be run as the superuser (user ID 0), or
-.Nm sudo
+.Nm
must be run from a shell that is already running as the superuser.
If the command is being run as a login shell, additional
.Pa /etc/login.conf
.Em sudo ,
the editor is run with the invoking user's environment unmodified.
If, for some reason,
-.Nm sudo
+.Nm
is unable to update a file with its edited version, the user will
receive a warning and the edited copy will remain in a temporary
file.
.Fl c
option.
If no command is specified, an interactive shell is executed.
-.Nm sudo
+.Nm
attempts to change to that user's home directory before running the
shell.
The command is run with an environment similar to the one
.It Fl k , -reset-timestamp
When used without a command, invalidates the user's cached credentials.
In other words, the next time
-.Nm sudo
+.Nm
is run a password will be required.
This option does not require a password and was added to allow a
user to revoke
-.Nm sudo
+.Nm
permissions from a
.Pa .logout
file.
.Pp
When used in conjunction with a command or an option that may require
a password, this option will cause
-.Nm sudo
+.Nm
to ignore the user's cached credentials.
As a result,
-.Nm sudo
+.Nm
will prompt for a password (if one is required by the security
policy) and will not update the user's cached credentials.
.Pp
If
.Ar command
is specified but not allowed,
-.Nm sudo
+.Nm
will exit with a status value of 1.
.It Fl n , -non-interactive
Avoid prompting the user for input of any kind.
If a password is required for the command to run,
-.Nm sudo
+.Nm
will display an error message and exit.
.It Fl P , -preserve-groups
Preserve the invoking user's group vector unaltered.
Other security policies may not support this.
.It Fl V , -version
Print the
-.Nm sudo
+.Nm
version string as well as the version string of the security
policy plugin and any I/O plugins.
If the invoking user is already root the
.Fl V
option will display the arguments passed to configure when
-.Nm sudo
+.Nm
was built and plugins may display more verbose information such as
default options.
.It Fl v , -validate
For the
.Em sudoers
plugin, this extends the
-.Nm sudo
+.Nm
timeout for another
.Li @timeout@
minutes by default, but does not run a command.
The
.Fl -
option indicates that
-.Nm sudo
+.Nm
should stop processing command line arguments.
.El
.Pp
for more information.
.Sh COMMAND EXECUTION
When
-.Nm sudo
+.Nm
executes a command, the security policy specifies the execution
environment for the command.
Typically, the real and effective user and group and IDs are set to
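Review bot: In the trailing context of this COMMAND EXECUTION hunk, "the real and effective user and group and IDs" has a stray "and". Since the paragraph is already being touched, change it to "the real and effective user and group IDs".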
.El
.Ss Process model
When
-.Nm sudo
+.Nm
runs a command, it calls
.Xr fork 2 ,
sets up the execution environment as described above, and calls the
.Xr execve
system call in the child process.
The main
-.Nm sudo
+.Nm
process waits until the command has completed, then passes the
command's exit status to the security policy's close function and exits.
If an I/O logging plugin is configured or if the security policy
explicitly requests it, a new pseudo-terminal
.Pq Dq pty
is created and a second
-.Nm sudo
+.Nm
process is used to relay job control signals between the user's
existing pty and the new pty the command is being run in.
This extra process makes it possible to, for example, suspend
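Review bot: `.Xr execve` in this Process model hunk carries no manual section, while the reference two lines above it is written `.Xr fork 2 ,`. Suggest `.Xr execve 2` so both cross references are formatted the same way.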
and it would not receive any job control signals.
As a special case, if the policy plugin does not define a close
function and no pty is required,
-.Nm sudo
+.Nm
will execute the command directly instead of calling
.Xr fork 2
first.
are enabled by default on systems using PAM.
.Ss Signal handling
When the command is run as a child of the
-.Nm sudo
+.Nm
process,
-.Nm sudo
+.Nm
will relay signals it receives to the command.
Unless the command is being run in a new pty, the
.Dv SIGHUP ,
should be used instead of
.Dv SIGSTOP
when you wish to suspend a command being run by
-.Nm sudo .
+.Nm .
.Pp
As a special case,
-.Nm sudo
+.Nm
will not relay signals that were sent by the command it is running.
This prevents the command from accidentally killing itself.
On some systems, the
to all non-system processes other than itself before rebooting
the system.
This prevents
-.Nm sudo
+.Nm
from relaying the
.Dv SIGTERM
signal it received back to
which might then exit before the system was actually rebooted,
leaving it in a half-dead state similar to single user mode.
Note, however, that this check only applies to the command run by
-.Nm sudo
+.Nm
and not any other processes that the command may create.
As a result, running a script that calls
.Xr reboot @mansectsu@
or
.Xr shutdown @mansectsu@
via
-.Nm sudo
+.Nm
may cause the system to end up in this undefined state unless the
.Xr reboot @mansectsu@
or
.Fn close
function, set a command timeout or required that the command be
run in a new pty,
-.Nm sudo
+.Nm
may execute the command directly instead of running it as a child process.
.Ss Plugins
Plugins may be specified via
file.
They may be loaded as dynamic shared objects (on systems that support them),
or compiled directly into the
-.Nm sudo
+.Nm
binary.
If no
.Xr sudo.conf @mansectform@
file is present, or it contains no
.Li Plugin
lines,
-.Nm sudo
+.Nm
will use the traditional
.Em sudoers
security policy and I/O logging.
file and the
.Xr sudo_plugin @mansectsu@
manual for more information about the
-.Nm sudo
+.Nm
plugin architecture.
.Sh EXIT VALUE
Upon successful execution of a program, the exit status from
will simply be the exit status of the program that was executed.
.Pp
Otherwise,
-.Nm sudo
+.Nm
exits with a value of 1 if there is a configuration/permission
problem or if
-.Nm sudo
+.Nm
cannot execute the given command.
In the latter case the error string is printed to the standard error.
If
-.Nm sudo
+.Nm
cannot
.Xr stat 2
one or more entries in the user's
.Ev PATH
is on a machine that is currently unreachable.
.Sh SECURITY NOTES
-.Nm sudo
+.Nm
tries to be safe when executing external commands.
.Pp
To prevent command spoofing,
-.Nm sudo
+.Nm
checks "." and "" (both denoting current directory) last when
searching for a command in the user's
.Ev PATH
environment variable is
.Em not
modified and is passed unchanged to the program that
-.Nm sudo
+.Nm
executes.
.Pp
Please note that
-.Nm sudo
+.Nm
will normally only log the command it explicitly runs.
If a user runs a command such as
.Li sudo su
If I/O logging is enabled, subsequent commands will have their input and/or
output logged, but there will not be traditional logs for those commands.
Because of this, care must be taken when giving users access to commands via
-.Nm sudo
+.Nm
to verify that the command does not inadvertently give the user an
effective root shell.
For more information, please see the
.Xr sudoers @mansectform@ .
.Pp
To prevent the disclosure of potentially sensitive information,
-.Nm sudo
+.Nm
disables core dumps by default while it is executing (they are
re-enabled for the command that is run).
To aid in debugging
-.Nm sudo
+.Nm
crashes, you may wish to re-enable core dumps by setting
.Dq disable_coredump
to false in the
.Xr sudo.conf @mansectform@
manual for more information.
.Sh ENVIRONMENT
-.Nm sudo
+.Nm
utilizes the following environment variables.
The security policy has control over the actual content of the command's
environment.
.Sh FILES
.Bl -tag -width 24n
.It Pa @sysconfdir@/sudo.conf
-.Nm sudo
+.Nm
front end configuration
.El
.Sh EXAMPLES
.Xr visudo @mansectsu@
.Sh HISTORY
See the HISTORY file in the
-.Nm sudo
+.Nm
distribution (http://www.sudo.ws/sudo/history.html) for a brief
history of sudo.
.Sh AUTHORS
Many people have worked on
-.Nm sudo
+.Nm
over the years; this version consists of code written primarily by:
.Bd -ragged -offset indent
Todd C. Miller
.Ed
.Pp
See the CONTRIBUTORS file in the
-.Nm sudo
+.Nm
distribution (http://www.sudo.ws/sudo/contributors.html) for an
exhaustive list of people who have contributed to
-.Nm sudo .
+.Nm .
.Sh CAVEATS
There is no easy way to prevent a user from gaining a root shell
if that user is allowed to run arbitrary commands via
-.Nm sudo .
+.Nm .
Also, many programs (such as editors) allow the user to run commands
via shell escapes, thus avoiding
.Nm sudo Ns 's
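Review bot: The trailing context line `.Nm sudo Ns 's` in CAVEATS still passes the name explicitly, while the `.Nm sudo .` three lines above it and the other occurrences in this manual are reduced to a bare `.Nm`. Suggest `.Nm Ns 's` here so the conversion is complete.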
section for more information.
.Pp
Running shell scripts via
-.Nm sudo
+.Nm
can expose the same kernel bugs that make setuid shell scripts
unsafe on some operating systems (if your OS has a /dev/fd/ directory,
setuid shell scripts are generally safe).
.Sh BUGS
If you feel you have found a bug in
-.Nm sudo ,
+.Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT
Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives.
.Sh DISCLAIMER
-.Nm sudo
+.Nm
is provided
.Dq AS IS
and any express or implied warranties, including, but not limited
to, the implied warranties of merchantability and fitness for a
particular purpose are disclaimed.
See the LICENSE file distributed with
-.Nm sudo
+.Nm
or http://www.sudo.ws/sudo/license.html for complete details.
The following signals are trapped by default before the command is
executed:
.TP 4n
-\fBo\fR
+\fB\(bu\fR
\fRSIGALRM\fR
.PD 0
.TP 4n
-\fBo\fR
+\fB\(bu\fR
\fRSIGHUP\fR
.TP 4n
-\fBo\fR
+\fB\(bu\fR
\fRSIGINT\fR
.TP 4n
-\fBo\fR
+\fB\(bu\fR
\fRSIGQUIT\fR
.TP 4n
-\fBo\fR
+\fB\(bu\fR
\fRSIGTERM\fR
.TP 4n
-\fBo\fR
+\fB\(bu\fR
\fRSIGTSTP\fR
.TP 4n
-\fBo\fR
+\fB\(bu\fR
\fRSIGUSR1\fR
.TP 4n
-\fBo\fR
+\fB\(bu\fR
\fRSIGUSR2\fR
.PD
.PP
s\bsu\bud\bdo\boe\ber\brs\bs - default sudo security policy plugin
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
- The _\bs_\bu_\bd_\bo_\be_\br_\bs policy plugin determines a user's s\bsu\bud\bdo\bo privileges. It is the
+ The s\bsu\bud\bdo\boe\ber\brs\bs policy plugin determines a user's s\bsu\bud\bdo\bo privileges. It is the
default s\bsu\bud\bdo\bo policy plugin. The policy is driven by the _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs
file or, optionally in LDAP. The policy format is described in detail in
the _\bS_\bU_\bD_\bO_\bE_\bR_\bS _\bF_\bI_\bL_\bE _\bF_\bO_\bR_\bM_\bA_\bT section. For information on storing _\bs_\bu_\bd_\bo_\be_\br_\bs
variables in the PAM environment may be merged in to the environment. If
a variable in the PAM environment is already present in the user's
environment, the value will only be overridden if the variable was not
- preserved by s\bsu\bud\bdo\boe\ber\brs\bs.\b. When _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is enabled, variables preserved from
- the invoking user's environment by the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list take precedence over
- those in the PAM environment. When _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled, variables
+ preserved by s\bsu\bud\bdo\boe\ber\brs\bs. When _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is enabled, variables preserved
+ from the invoking user's environment by the _\be_\bn_\bv_\b__\bk_\be_\be_\bp list take precedence
+ over those in the PAM environment. When _\be_\bn_\bv_\b__\br_\be_\bs_\be_\bt is disabled, variables
present the invoking user's environment take precedence over those in the
PAM environment unless they match a pattern in the _\be_\bn_\bv_\b__\bd_\be_\bl_\be_\bt_\be list.
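Review bot: The unchanged line right after the re-wrapped text reads "variables present the invoking user's environment", which is missing "in" after "present". Worth correcting in the same pass as this punctuation fix.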
\- default sudo security policy plugin
.SH "DESCRIPTION"
The
-\fIsudoers\fR
+\fBsudoers\fR
policy plugin determines a user's
\fBsudo\fR
privileges.
If a variable in the PAM environment is already present in the
user's environment, the value will only be overridden if the variable
was not preserved by
-\fBsudoers.\fR
+\fBsudoers\fR.
When
\fIenv_reset\fR
is enabled, variables preserved from the invoking user's environment
.Nd default sudo security policy plugin
.Sh DESCRIPTION
The
-.Em sudoers
+.Nm
policy plugin determines a user's
.Nm sudo
privileges.
file is present, or if it contains no
.Li Plugin
lines,
-.Nm sudoers
+.Nm
will be used for policy decisions and I/O logging.
To explicitly configure
.Xr sudo.conf @mansectform@
to use the
-.Nm sudoers
+.Nm
plugin, the following configuration can be used.
.Bd -literal -offset indent
Plugin sudoers_policy sudoers.so
Starting with
.Nm sudo
1.8.5, it is possible to specify optional arguments to the
-.Nm sudoers
+.Nm
plugin in the
.Xr sudo.conf @mansectform@
file.
If a variable in the PAM environment is already present in the
user's environment, the value will only be overridden if the variable
was not preserved by
-.Nm sudoers.
+.Nm .
When
.Em env_reset
is enabled, variables preserved from the invoking user's environment
file, the first host name of the entry is considered to be the
.Dq canonical
name; subsequent names are aliases that are not used by
-.Nm sudoers .
+.Nm .
For example, the following hosts file line for the machine
.Dq xyzzy
has the fully-qualified domain name as the
Beware that when using DNS for host name resolution, turning on
.Em fqdn
requires
-.Nm sudoers
+.Nm
to make DNS lookups which renders
.Nm sudo
unusable if DNS stops working (for example if the machine is disconnected
it will
.Dq roll over
to zero, after which
-.Nm sudoers
+.Nm
will truncate and re-use any existing I/O log path names.
.Pp
This setting is only supported by version 1.8.7 or higher.
.El
.Sh GROUP PROVIDER PLUGINS
The
-.Nm sudoers
+.Nm
plugin supports its own plugin interface to allow non-Unix
group lookups which can query a group source other
than the standard Unix group database.
The group provider plugin API is described in detail in
.Xr sudo_plugin @mansectsu@ .
.Sh LOG FORMAT
-.Nm sudoers
+.Nm
can log events using either
.Xr syslog 3
or a simple log file.
.El
.Ss Error log entries
If an error occurs,
-.Nm sudoers
+.Nm
will log a message and, in most cases, send a message to the
administrator via email.
Possible errors include:
.Bl -tag -width 4
.It parse error in @sysconfdir@/sudoers near line N
-.Nm sudoers
+.Nm
encountered an error when parsing the specified file.
In some cases, the actual error may be one line above or below the
line number listed, depending on the type of error.
file is located on a remote file system that maps user ID 0 to
a different value.
Normally,
-.Nm sudoers
+.Nm
tries to open
.Em sudoers
using group permissions to avoid this problem.
is the user ID that owns the
.Em sudoers
file) to the end of the
-.Nm sudoers
+.Nm
.Li Plugin
line in the
.Xr sudo.conf @mansectform@
is the user ID that owns the
.Em sudoers
file) to the
-.Nm sudoers
+.Nm
.Li Plugin
line in the
.Xr sudo.conf @mansectform@
The default mode may be changed via the
.Dq sudoers_mode
option to the
-.Nm sudoers
+.Nm
.Li Plugin
line in the
.Xr sudo.conf @mansectform@
is the group ID that owns the
.Em sudoers
file) to the
-.Nm sudoers
+.Nm
.Li Plugin
line in the
.Xr sudo.conf @mansectform@
.Xr syslog 3
has a relatively small log buffer.
To prevent the command line arguments from being truncated,
-.Nm sudoers
+.Nm
will split up log messages that are larger than 960 characters
(not including the date, hostname, and the string
.Dq sudo ) .
on the same terminal.
.Sh DEBUGGING
Versions 1.8.4 and higher of the
-.Nm sudoers
+.Nm
plugin support a flexible debugging framework that can help track
down what the plugin is doing internally if there is a problem.
This can be configured in the
file.
.Pp
The
-.Nm sudoers
+.Nm
plugin uses the same debug flag format as the
.Nm sudo
front-end:
.Em subsystem Ns @ Ns Em priority .
.Pp
The priorities used by
-.Nm sudoers ,
+.Nm ,
in order of decreasing severity,
are:
.Em crit , err , warn , notice , diag , info , trace
and higher.
.Pp
The following subsystems are used by the
-.Nm sudoers
+.Nm
plugin:
.Bl -tag -width 8n
.It Em alias
.Op Fl s Ar num
ID
.Pp
-.Nm sudoreplay
+.Nm
.Op Fl h
.Op Fl d Ar dir
.Fl l
.Op search expression
.Sh DESCRIPTION
-.Nm sudoreplay
+.Nm
plays back or lists the output logs created by
.Nm sudo .
When replaying,
-.Nm sudoreplay
+.Nm
can play the session back in real-time, or the playback speed may be
adjusted (faster or slower) based on the command line options.
.Pp
list mode.
.Pp
In list mode,
-.Nm sudoreplay
+.Nm
can be used to find the ID of a session based on a number of criteria
such as the user, tty or command run.
.Pp
In replay mode, if the standard output has not been redirected,
-.Nm sudoreplay
+.Nm
will act on the following keys:
.Bl -tag -width 12n
.It So Li \en Sc No or So Li \er Sc
.It Fl f Ar filter , Fl -filter Ns = Ns Ar filter
Select which I/O type(s) to display.
By default,
-.Nm sudoreplay
+.Nm
will display the command's standard output, standard error and tty output.
The
.Ar filter
Enable
.Dq list mode .
In this mode,
-.Nm sudoreplay
+.Nm
will list available sessions in a format similar to the
.Nm sudo
log file format, sorted by file name (or sequence number).
.It Fl m , -max-wait Ar max_wait
Specify an upper bound on how long to wait between key presses or output data.
By default,
-.Nm sudoreplay
+.Nm
will accurately reproduce the delays between key presses or program output.
However, this can be tedious when the session includes long pauses.
When the
.Fl m
option is specified,
-.Nm sudoreplay
+.Nm
will limit these pauses to at most
.Em max_wait
seconds.
.Em 2.5 .
.It Fl s , -speed Ar speed_factor
This option causes
-.Nm sudoreplay
+.Nm
to adjust the number of seconds it will wait between key presses or
program output.
This can be used to slow down or speed up the display.
would make the output twice as slow.
.It Fl V , -version
Print the
-.Nm sudoreplay
+.Nm
versions version number and exit.
.El
.Ss Date and time format
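Review bot: The context line directly after the changed `.Nm` in the `-V` entry reads "versions version number and exit.", so the rendered sentence becomes "Print the sudoreplay versions version number and exit." Drop the duplicated word: "version number and exit."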
will result in a time exactly two weeks from now, which is probably
not what was intended.
This will be addressed in a future version of
-.Nm sudoreplay .
+.Nm .
.Ss Debugging sudoreplay
-.Nm sudoreplay
+.Nm
versions 1.8.4 and higher support a flexible debugging framework
that is configured via
.Li Debug
Todd C. Miller
.Sh BUGS
If you feel you have found a bug in
-.Nm sudoreplay ,
+.Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT
Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives.
.Sh DISCLAIMER
-.Nm sudoreplay
+.Nm
is provided
.Dq AS IS
and any express or implied warranties, including, but not limited
may enter `e' to re-edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file, `x' to exit without saving the
changes, or `Q' to quit and save changes. The `Q' option should be used
with extreme care because if v\bvi\bis\bsu\bud\bdo\bo believes there to be a parse error,
- so will s\bsu\bud\bdo\bo and no one will be able to s\bsu\bud\bdo\bo again until the error is
+ so will s\bsu\bud\bdo\bo and no one will be able to run s\bsu\bud\bdo\bo again until the error is
fixed. If `e' is typed to edit the _\bs_\bu_\bd_\bo_\be_\br_\bs file after a parse error has
been detected, the cursor will be placed on the line where the error
occurred (if the editor supports this feature).
believes there to be a parse error, so will
\fBsudo\fR
and no one
-will be able to
+will be able to run
\fBsudo\fR
again until the error is fixed.
If
.Op Fl f Ar sudoers
.Op Fl x Ar output_file
.Sh DESCRIPTION
-.Nm visudo
+.Nm
edits the
.Em sudoers
file in a safe fashion, analogous to
.Xr vipw @mansectsu@ .
-.Nm visudo
+.Nm
locks the
.Em sudoers
file against multiple simultaneous edits, provides basic sanity checks,
file is currently being edited you will receive a message to try again later.
.Pp
There is a hard-coded list of one or more editors that
-.Nm visudo
+.Nm
will use set at compile-time that may be overridden via the
.Em editor
.Em sudoers
This list defaults to
.Li "@editor@" .
Normally,
-.Nm visudo
+.Nm
does not honor the
.Ev VISUAL
or
environment variables unless they contain an editor in the aforementioned
editors list.
However, if
-.Nm visudo
+.Nm
is configured with the
.Li --with-env-editor
option or the
.Li Default
variable is set in
.Em sudoers ,
-.Nm visudo
+.Nm
will use any the editor defines by
.Ev VISUAL
or
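Review bot: The line following the changed `.Nm` reads "will use any the editor defines by", which is ungrammatical. Suggest "will use any editor defined by" while this sentence is being edited.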
or
.Ev EDITOR .
.Pp
-.Nm visudo
+.Nm
parses the
.Em sudoers
file after the edit and will
not save the changes if there is a syntax error.
Upon finding an error,
-.Nm visudo
+.Nm
will print a message stating the line number(s)
where the error occurred and the user will receive the
.Dq What now?
The
.Ql Q
option should be used with extreme care because if
-.Nm visudo
+.Nm
believes there to be a parse error, so will
.Nm sudo
and no one
-will be able to
+will be able to run
.Nm sudo
again until the error is fixed.
If
.Fl q
option was specified.
If the check completes successfully,
-.Nm visudo
+.Nm
will exit with a value of 0.
If an error is encountered,
-.Nm visudo
+.Nm
will exit with a value of 1.
.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers
Specify an alternate
.Em sudoers
file location.
With this option,
-.Nm visudo
+.Nm
will edit (or check) the
.Em sudoers
file of your choice,
.Em sudoers
file.
If an alias is used before it is defined,
-.Nm visudo
+.Nm
will consider this a parse error.
Note that it is not possible to differentiate between an
alias and a host name or user name that consists solely of uppercase
character.
.It Fl V , -version
Print the
-.Nm visudo
+.Nm
and
.Em sudoers
grammar versions and exit.
format.
.El
.Ss Debugging and sudoers plugin arguments
-.Nm visudo
+.Nm
versions 1.8.4 and higher support a flexible debugging framework
that is configured via
.Li Debug
Starting with
.Nm sudo
1.8.12,
-.Nm visudo
+.Nm
will also parse the arguments to the
.Em sudoers
plugin to override the default
.Bl -tag -width 15n
.It Ev VISUAL
Invoked by
-.Nm visudo
+.Nm
as the editor to use
.It Ev EDITOR
Used by
-.Nm visudo
+.Nm
if
.Ev VISUAL
is not set
file.
.It Li @sysconfdir@/sudoers.tmp: Permission denied
You didn't run
-.Nm visudo
+.Nm
as root.
.It Li Can't find you in the passwd database
Your user ID does not appear in the system passwd file.
.Sh CAVEATS
There is no easy way to prevent a user from gaining a root shell if
the editor used by
-.Nm visudo
+.Nm
allows shell escapes.
.Sh BUGS
If you feel you have found a bug in
-.Nm visudo ,
+.Nm ,
please submit a bug report at http://www.sudo.ws/sudo/bugs/
.Sh SUPPORT
Limited free support is available via the sudo-users mailing list,
see http://www.sudo.ws/mailman/listinfo/sudo-users to subscribe or
search the archives.
.Sh DISCLAIMER
-.Nm visudo
+.Nm
is provided
.Dq AS IS
and any express or implied warranties, including, but not limited