v\bvi\bis\bsu\bud\bdo\bo - edit the sudoers file
S\bSY\bYN\bNO\bOP\bPS\bSI\bIS\bS
- v\bvi\bis\bsu\bud\bdo\bo [-\b-c\bch\bhq\bqs\bsV\bV] [-\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs]
+ v\bvi\bis\bsu\bud\bdo\bo [-\b-c\bch\bhq\bqs\bsV\bV] [[-\b-f\bf] _\bs_\bu_\bd_\bo_\be_\br_\bs]
D\bDE\bES\bSC\bCR\bRI\bIP\bPT\bTI\bIO\bON\bN
v\bvi\bis\bsu\bud\bdo\bo edits the _\bs_\bu_\bd_\bo_\be_\br_\bs file in a safe fashion, analogous to vipw(1m).
-\b-c\bc, -\b--\b-c\bch\bhe\bec\bck\bk
Enable _\bc_\bh_\be_\bc_\bk_\b-_\bo_\bn_\bl_\by mode. The existing _\bs_\bu_\bd_\bo_\be_\br_\bs file (and any
other files it includes) will be checked for syntax errors.
- If the -\b-f\bf option has not been specified, v\bvi\bis\bsu\bud\bdo\bo will also
- check the _\bs_\bu_\bd_\bo_\be_\br_\bs file owner and mode. A message will be
+ If the path to the _\bs_\bu_\bd_\bo_\be_\br_\bs file was not specified, v\bvi\bis\bsu\bud\bdo\bo
+ will also check the file owner and mode. A message will be
printed to the standard output describing the status of
_\bs_\bu_\bd_\bo_\be_\br_\bs unless the -\b-q\bq option was specified. If the check
completes successfully, v\bvi\bis\bsu\bud\bdo\bo will exit with a value of 0.
1.
-\b-f\bf _\bs_\bu_\bd_\bo_\be_\br_\bs, -\b--\b-f\bfi\bil\ble\be=_\bs_\bu_\bd_\bo_\be_\br_\bs
- Specify an alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location. With this
- option, v\bvi\bis\bsu\bud\bdo\bo will edit (or check) the _\bs_\bu_\bd_\bo_\be_\br_\bs file of your
- choice, instead of the default, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs. The lock file
- used is the specified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp" appended to
- it. In _\bc_\bh_\be_\bc_\bk_\b-_\bo_\bn_\bl_\by mode only, the argument to -\b-f\bf may be `-',
- indicating that _\bs_\bu_\bd_\bo_\be_\br_\bs will be read from the standard input.
- Because the policy is evaluated in its entirety, it is not
- sufficient to check an individual _\bs_\bu_\bd_\bo_\be_\br_\bs include file for
- syntax errors.
+ Specify an alternate _\bs_\bu_\bd_\bo_\be_\br_\bs file location, see below. As of
+ version 1.8.27, the _\bs_\bu_\bd_\bo_\be_\br_\bs path can be specified without
+ using the -\b-f\bf option.
-\b-h\bh, -\b--\b-h\bhe\bel\blp\bp Display a short help message to the standard output and exit.
-\b-V\bV, -\b--\b-v\bve\ber\brs\bsi\bio\bon\bn
Print the v\bvi\bis\bsu\bud\bdo\bo and _\bs_\bu_\bd_\bo_\be_\br_\bs grammar versions and exit.
+ A _\bs_\bu_\bd_\bo_\be_\br_\bs file may be specified instead of the default, _\b/_\be_\bt_\bc_\b/_\bs_\bu_\bd_\bo_\be_\br_\bs.
+ The lock file used is the specified _\bs_\bu_\bd_\bo_\be_\br_\bs file with ".tmp" appended to
+ it. In _\bc_\bh_\be_\bc_\bk_\b-_\bo_\bn_\bl_\by mode only, `-' may be used to indicate that _\bs_\bu_\bd_\bo_\be_\br_\bs
+ will be read from the standard input. Because the policy is evaluated in
+ its entirety, it is not sufficient to check an individual _\bs_\bu_\bd_\bo_\be_\br_\bs include
+ file for syntax errors.
+
D\bDe\beb\bbu\bug\bgg\bgi\bin\bng\bg a\ban\bnd\bd s\bsu\bud\bdo\boe\ber\brs\bs p\bpl\blu\bug\bgi\bin\bn a\bar\brg\bgu\bum\bme\ben\bnt\bts\bs
v\bvi\bis\bsu\bud\bdo\bo versions 1.8.4 and higher support a flexible debugging framework
that is configured via Debug lines in the sudo.conf(4) file.
file distributed with s\bsu\bud\bdo\bo or https://www.sudo.ws/license.html for
complete details.
-Sudo 1.8.26 October 6, 2018 Sudo 1.8.26
+Sudo 1.8.26 December 24, 2018 Sudo 1.8.26
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.TH "VISUDO" "@mansectsu@" "October 6, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
+.TH "VISUDO" "@mansectsu@" "December 24, 2018" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
.nh
.if n .ad l
.SH "NAME"
.HP 7n
\fBvisudo\fR
[\fB\-chqsV\fR]
-[\fB\-f\fR\ \fIsudoers\fR]
+[[\fB\-f\fR]\ \fIsudoers\fR]
.SH "DESCRIPTION"
\fBvisudo\fR
edits the
\fIsudoers\fR
file (and any other files it includes) will be
checked for syntax errors.
-If the
-\fB\-f\fR
-option has not been specified,
-\fBvisudo\fR
-will also check the
+If the path to the
\fIsudoers\fR
-file owner and mode.
+file was not specified,
+\fBvisudo\fR
+will also check the file owner and mode.
A message will be printed to the standard output describing the status of
\fIsudoers\fR
unless the
\fB\-f\fR \fIsudoers\fR, \fB\--file\fR=\fIsudoers\fR
Specify an alternate
\fIsudoers\fR
-file location.
-With this option,
-\fBvisudo\fR
-will edit (or check) the
+file location, see below.
+As of version 1.8.27, the
\fIsudoers\fR
-file of your choice,
-instead of the default,
-\fI@sysconfdir@/sudoers\fR.
-The lock file used is the specified
-\fIsudoers\fR
-file with
-\(lq\.tmp\(rq
-appended to it.
-In
-\fIcheck-only\fR
-mode only, the argument to
+path can be specified without using the
\fB\-f\fR
-may be
-\(oq-\(cq,
-indicating that
-\fIsudoers\fR
-will be read from the standard input.
-Because the policy is evaluated in its entirety, it is not sufficient
-to check an individual
-\fIsudoers\fR
-include file for syntax errors.
+option.
.TP 12n
\fB\-h\fR, \fB\--help\fR
Display a short help message to the standard output and exit.
and
\fIsudoers\fR
grammar versions and exit.
+.PP
+A
+\fIsudoers\fR
+file may be specified instead of the default,
+\fI@sysconfdir@/sudoers\fR.
+The lock file used is the specified
+\fIsudoers\fR
+file with
+\(lq\.tmp\(rq
+appended to it.
+In
+\fIcheck-only\fR
+mode only,
+\(oq-\(cq
+may be used to indicate that
+\fIsudoers\fR
+will be read from the standard input.
+Because the policy is evaluated in its entirety, it is not sufficient
+to check an individual
+\fIsudoers\fR
+include file for syntax errors.
.SS "Debugging and sudoers plugin arguments"
\fBvisudo\fR
versions 1.8.4 and higher support a flexible debugging framework
.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
.\"
-.Dd October 6, 2018
+.Dd December 24, 2018
.Dt VISUDO @mansectsu@
.Os Sudo @PACKAGE_VERSION@
.Sh NAME
.Sh SYNOPSIS
.Nm visudo
.Op Fl chqsV
-.Op Fl f Ar sudoers
+.Op Bo Fl f Bc Ar sudoers
.Sh DESCRIPTION
.Nm
edits the
.Em sudoers
file (and any other files it includes) will be
checked for syntax errors.
-If the
-.Fl f
-option has not been specified,
-.Nm
-will also check the
+If the path to the
.Em sudoers
-file owner and mode.
+file was not specified,
+.Nm
+will also check the file owner and mode.
A message will be printed to the standard output describing the status of
.Em sudoers
unless the
.It Fl f Ar sudoers , Fl -file Ns = Ns Ar sudoers
Specify an alternate
.Em sudoers
-file location.
-With this option,
-.Nm
-will edit (or check) the
+file location, see below.
+As of version 1.8.27, the
.Em sudoers
-file of your choice,
-instead of the default,
-.Pa @sysconfdir@/sudoers .
-The lock file used is the specified
-.Em sudoers
-file with
-.Dq \.tmp
-appended to it.
-In
-.Em check-only
-mode only, the argument to
+path can be specified without using the
.Fl f
-may be
-.Ql - ,
-indicating that
-.Em sudoers
-will be read from the standard input.
-Because the policy is evaluated in its entirety, it is not sufficient
-to check an individual
-.Em sudoers
-include file for syntax errors.
+option.
.It Fl h , -help
Display a short help message to the standard output and exit.
.It Fl q , -quiet
.Em sudoers
grammar versions and exit.
.El
+.Pp
+A
+.Em sudoers
+file may be specified instead of the default,
+.Pa @sysconfdir@/sudoers .
+The lock file used is the specified
+.Em sudoers
+file with
+.Dq \.tmp
+appended to it.
+In
+.Em check-only
+mode only,
+.Ql -
+may be used to indicate that
+.Em sudoers
+will be read from the standard input.
+Because the policy is evaluated in its entirety, it is not sufficient
+to check an individual
+.Em sudoers
+include file for syntax errors.
.Ss Debugging and sudoers plugin arguments
.Nm
versions 1.8.4 and higher support a flexible debugging framework
char *editor, **editor_argv;
const char *export_path = NULL;
int ch, oldlocale, editor_argc, exitcode = 0;
- bool quiet, strict, oldperms;
+ bool quiet, strict, fflag;
debug_decl(main, SUDOERS_DEBUG_MAIN)
#if defined(SUDO_DEVEL) && defined(__OpenBSD__)
/*
* Arg handling.
*/
- checkonly = oldperms = quiet = strict = false;
+ checkonly = fflag = quiet = strict = false;
while ((ch = getopt_long(argc, argv, short_opts, long_opts, NULL)) != -1) {
switch (ch) {
case 'V':
break;
case 'f':
sudoers_file = optarg; /* sudoers file path */
- oldperms = true;
+ fflag = true;
break;
case 'h':
help();
usage(1);
}
}
- /* There should be no other command line arguments. */
- if (argc - optind != 0)
+ argc -= optind;
+ argv += optind;
+
+ /* Check for optional sudoers file argument. */
+ switch (argc) {
+ case 0:
+ break;
+ case 1:
+ /* Only accept sudoers file if no -f was specified. */
+ if (!fflag) {
+ sudoers_file = *argv;
+ fflag = true;
+ }
+ break;
+ default:
usage(1);
+ }
if (export_path != NULL) {
/* Backwards compatibility for the time being. */
sudo_fatalx(U_("unable to initialize sudoers default values"));
if (checkonly) {
- exitcode = check_syntax(sudoers_file, quiet, strict, oldperms) ? 0 : 1;
+ exitcode = check_syntax(sudoers_file, quiet, strict, fflag) ? 0 : 1;
goto done;
}
*/
if (reparse_sudoers(editor, editor_argc, editor_argv, strict, quiet)) {
TAILQ_FOREACH(sp, &sudoerslist, entries) {
- (void) install_sudoers(sp, oldperms);
+ (void) install_sudoers(sp, fflag);
}
}
free(editor);
usage(int fatal)
{
(void) fprintf(fatal ? stderr : stdout,
- "usage: %s [-chqsV] [-f sudoers]\n", getprogname());
+ "usage: %s [-chqsV] [[-f] sudoers ]\n", getprogname());
if (fatal)
exit(1);
}
projects / sudo / commitdiff