Annotation of src/usr.bin/sudo/visudo.8, Revision 1.4
1.1 millert 1: .rn '' }`
1.4 ! pjanzen 2: ''' $RCSfile: visudo.8,v $$Revision: 1.3 $$Date: 2000/03/27 03:44:39 $
! 3: '''
! 4: ''' $Log: visudo.8,v $
! 5: ''' Revision 1.3 2000/03/27 03:44:39 millert
! 6: ''' sudo 1.6.3; see http://www.courtesan.com/sudo/current.html for a list
! 7: ''' of changes.
1.1 millert 8: '''
1.3 millert 9: ''' Revision 1.4 2000/03/27 03:26:24 millert
10: ''' Use 8 and 5 in the man page bodies as well.
1.1 millert 11: '''
12: '''
13: .de Sh
14: .br
15: .if t .Sp
16: .ne 5
17: .PP
18: \fB\\$1\fR
19: .PP
20: ..
21: .de Sp
22: .if t .sp .5v
23: .if n .sp
24: ..
25: .de Ip
26: .br
27: .ie \\n(.$>=3 .ne \\$3
28: .el .ne 3
29: .IP "\\$1" \\$2
30: ..
31: .de Vb
32: .ft CW
33: .nf
34: .ne \\$1
35: ..
36: .de Ve
37: .ft R
38:
39: .fi
40: ..
41: '''
42: '''
43: ''' Set up \*(-- to give an unbreakable dash;
44: ''' string Tr holds user defined translation string.
45: ''' Bell System Logo is used as a dummy character.
46: '''
47: .tr \(*W-|\(bv\*(Tr
48: .ie n \{\
49: .ds -- \(*W-
50: .ds PI pi
51: .if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
52: .if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
53: .ds L" ""
54: .ds R" ""
55: ''' \*(M", \*(S", \*(N" and \*(T" are the equivalent of
56: ''' \*(L" and \*(R", except that they are used on ".xx" lines,
57: ''' such as .IP and .SH, which do another additional levels of
58: ''' double-quote interpretation
59: .ds M" """
60: .ds S" """
61: .ds N" """""
62: .ds T" """""
63: .ds L' '
64: .ds R' '
65: .ds M' '
66: .ds S' '
67: .ds N' '
68: .ds T' '
69: 'br\}
70: .el\{\
71: .ds -- \(em\|
72: .tr \*(Tr
73: .ds L" ``
74: .ds R" ''
75: .ds M" ``
76: .ds S" ''
77: .ds N" ``
78: .ds T" ''
79: .ds L' `
80: .ds R' '
81: .ds M' `
82: .ds S' '
83: .ds N' `
84: .ds T' '
85: .ds PI \(*p
86: 'br\}
87: .\" If the F register is turned on, we'll generate
88: .\" index entries out stderr for the following things:
89: .\" TH Title
90: .\" SH Header
91: .\" Sh Subsection
92: .\" Ip Item
93: .\" X<> Xref (embedded
94: .\" Of course, you have to process the output yourself
1.4 ! pjanzen 95: .\" in some meaningful fashion.
1.1 millert 96: .if \nF \{
97: .de IX
98: .tm Index:\\$1\t\\n%\t"\\$2"
99: ..
100: .nr % 0
101: .rr F
102: .\}
1.3 millert 103: .TH visudo 8 "1.6.3" "26/Mar/2000" "MAINTENANCE COMMANDS"
1.1 millert 104: .UC
105: .if n .hy 0
106: .if n .na
107: .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
108: .de CQ \" put $1 in typewriter font
109: .ft CW
110: 'if n "\c
111: 'if t \\&\\$1\c
112: 'if n \\&\\$1\c
113: 'if n \&"
114: \\&\\$2 \\$3 \\$4 \\$5 \\$6 \\$7
115: '.ft R
116: ..
117: .\" @(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2
118: . \" AM - accent mark definitions
119: .bd B 3
120: . \" fudge factors for nroff and troff
121: .if n \{\
122: . ds #H 0
123: . ds #V .8m
124: . ds #F .3m
125: . ds #[ \f1
126: . ds #] \fP
127: .\}
128: .if t \{\
129: . ds #H ((1u-(\\\\n(.fu%2u))*.13m)
130: . ds #V .6m
131: . ds #F 0
132: . ds #[ \&
133: . ds #] \&
134: .\}
135: . \" simple accents for nroff and troff
136: .if n \{\
137: . ds ' \&
138: . ds ` \&
139: . ds ^ \&
140: . ds , \&
141: . ds ~ ~
142: . ds ? ?
143: . ds ! !
144: . ds /
145: . ds q
146: .\}
147: .if t \{\
148: . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
149: . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
150: . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
151: . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
152: . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
153: . ds ? \s-2c\h'-\w'c'u*7/10'\u\h'\*(#H'\zi\d\s+2\h'\w'c'u*8/10'
154: . ds ! \s-2\(or\s+2\h'-\w'\(or'u'\v'-.8m'.\v'.8m'
155: . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
156: . ds q o\h'-\w'o'u*8/10'\s-4\v'.4m'\z\(*i\v'-.4m'\s+4\h'\w'o'u*8/10'
157: .\}
158: . \" troff and (daisy-wheel) nroff accents
159: .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
160: .ds 8 \h'\*(#H'\(*b\h'-\*(#H'
161: .ds v \\k:\h'-(\\n(.wu*9/10-\*(#H)'\v'-\*(#V'\*(#[\s-4v\s0\v'\*(#V'\h'|\\n:u'\*(#]
162: .ds _ \\k:\h'-(\\n(.wu*9/10-\*(#H+(\*(#F*2/3))'\v'-.4m'\z\(hy\v'.4m'\h'|\\n:u'
163: .ds . \\k:\h'-(\\n(.wu*8/10)'\v'\*(#V*4/10'\z.\v'-\*(#V*4/10'\h'|\\n:u'
164: .ds 3 \*(#[\v'.2m'\s-2\&3\s0\v'-.2m'\*(#]
165: .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
166: .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
167: .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
168: .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
169: .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
170: .ds ae a\h'-(\w'a'u*4/10)'e
171: .ds Ae A\h'-(\w'A'u*4/10)'E
172: .ds oe o\h'-(\w'o'u*4/10)'e
173: .ds Oe O\h'-(\w'O'u*4/10)'E
174: . \" corrections for vroff
175: .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
176: .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
177: . \" for low resolution devices (crt and lpr)
178: .if \n(.H>23 .if \n(.V>19 \
179: \{\
180: . ds : e
181: . ds 8 ss
182: . ds v \h'-1'\o'\(aa\(ga'
183: . ds _ \h'-1'^
184: . ds . \h'-1'.
185: . ds 3 3
186: . ds o a
187: . ds d- d\h'-1'\(ga
188: . ds D- D\h'-1'\(hy
189: . ds th \o'bp'
190: . ds Th \o'LP'
191: . ds ae ae
192: . ds Ae AE
193: . ds oe oe
194: . ds Oe OE
195: .\}
196: .rm #[ #] #H #V #F C
197: .SH "NAME"
198: visudo \- edit the sudoers file
199: .SH "SYNOPSIS"
200: \fBvisudo\fR [ \fB\-s\fR ] [ \fB\-V\fR ]
201: .SH "DESCRIPTION"
202: \fBvisudo\fR edits the \fIsudoers\fR file in a safe fashion, analogous to
203: \fIvipw\fR\|(8). \fBvisudo\fR locks the \fIsudoers\fR file against multiple
204: simultaneous edits, provides basic sanity checks, and checks
205: for parse errors. If the \fIsudoers\fR file is currently being
206: edited you will receive a message to try again later. In the
207: default configuration, the \fIvi\fR\|(1) editor is used, but there is
1.4 ! pjanzen 208: a compile-time option to allow use of whatever editor the
1.1 millert 209: environment variables \f(CWEDITOR\fR or \f(CWVISUAL\fR are set to.
210: .PP
211: \fBvisudo\fR parses the \fIsudoers\fR file after the edit and will
212: not save the changes if there is a syntax error. Upon finding
1.4 ! pjanzen 213: an error, \fBvisudo\fR will print a message stating the line \fInumber\fR\|(s)
1.1 millert 214: that the error occurred on and the user will receive the
215: \*(L"What now?\*(R" prompt. At this point the user may enter \*(L"e\*(R"
1.4 ! pjanzen 216: to re-edit the \fIsudoers\fR file, \*(L"x\*(R" to exit without
1.1 millert 217: saving the changes, or \*(L"Q\*(R" to quit and save changes. The
218: \*(L"Q\*(R" option should be used with extreme care because if \fBvisudo\fR
219: believes there to be a parse error, so will \fBsudo\fR and no one
1.4 ! pjanzen 220: will be able to use \fBsudo\fR again until the error is fixed.
1.1 millert 221: Any other command at this prompt will print a short help message.
1.4 ! pjanzen 222: If \*(L"e\*(R" is typed to edit the \fIsudoers\fR file after a parse error
! 223: has been detected, the cursor will be placed on the line where the error
1.1 millert 224: occurred (if the editor supports this feature).
225: .SH "OPTIONS"
1.4 ! pjanzen 226: \fBvisudo\fR accepts the following command line options:
1.1 millert 227: .Ip "-s" 4
228: Enable \fBstrict\fR checking of the \fIsudoers\fR file. If an alias is
229: used before it is defined, \fBvisudo\fR will consider this a parse
230: error. Note that it is not possible to differentiate between an
231: alias and a hostname or username that consists solely of upper case
232: letters, digits, and the underscore ('_') character.
233: .Ip "-V" 4
1.4 ! pjanzen 234: The \f(CW-V\fR (version) option causes \fBvisudo\fR to print its version number
1.1 millert 235: and exit.
236: .SH "ERRORS"
237: .Ip "sudoers file busy, try again later." 4
238: Someone else is currently editing the \fIsudoers\fR file.
239: .Ip "/etc/sudoers.tmp: Permission denied" 4
240: You didn't run \fBvisudo\fR as root.
241: .Ip "Can't find you in the passwd database" 4
242: Your userid does not appear in the system passwd file.
243: .Ip "Warning: undeclared Alias referenced near ..." 4
244: Either you are using a {User,Runas,Host,Cmnd}_Alias before
245: defining it or you have a user or hostname listed that
246: consists solely of upper case letters, digits, and the
247: underscore ('_') character. If the latter, you can ignore
248: the warnings (\fBsudo\fR will not complain). In \fB\-s\fR (strict)
1.4 ! pjanzen 249: mode these are errors, not warnings.
1.1 millert 250: .SH "ENVIRONMENT"
251: The following environment variables are used only if \fBvisudo\fR
252: was configured with the \fI--with-env-editor\fR option:
1.2 millert 253: .PP
1.1 millert 254: .Vb 2
1.4 ! pjanzen 255: \& EDITOR Invoked by visudo as the editor
! 256: \& VISUAL Invoked by visudo if EDITOR is not set
1.1 millert 257: .Ve
258: .SH "FILES"
1.2 millert 259: .PP
1.1 millert 260: .Vb 2
261: \& /etc/sudoers List of who can run what
262: \& /etc/sudoers.tmp Lock file for visudo
263: .Ve
264: .SH "AUTHOR"
1.4 ! pjanzen 265: Many people have worked on \fIsudo\fR over the years. This version of
1.1 millert 266: \fBvisudo\fR was written by:
1.2 millert 267: .PP
1.1 millert 268: .Vb 1
269: \& Todd Miller <Todd.Miller@courtesan.com>
270: .Ve
271: See the HISTORY file in the sudo distribution for more details.
272: .SH "BUGS"
273: If you feel you have found a bug in sudo, please submit a bug report
1.2 millert 274: at http://www.courtesan.com/sudo/bugs/
1.1 millert 275: .SH "DISCLAIMER"
276: \fBVisudo\fR is provided ``AS IS'\*(R' and any express or implied warranties,
277: including, but not limited to, the implied warranties of merchantability
278: and fitness for a particular purpose are disclaimed.
279: See the LICENSE file distributed with \fBsudo\fR for complete details.
280: .SH "CAVEATS"
281: There is no easy way to prevent a user from gaining a root shell if
282: the editor used by \fBvisudo\fR allows shell escapes.
283: .SH "SEE ALSO"
284: \fIsudo\fR\|(8), \fIvipw\fR\|(8).
285:
286: .rn }` ''
287: .IX Title "visudo 8"
288: .IX Name "visudo - edit the sudoers file"
289:
290: .IX Header "NAME"
291:
292: .IX Header "SYNOPSIS"
293:
294: .IX Header "DESCRIPTION"
295:
296: .IX Header "OPTIONS"
297:
298: .IX Item "-s"
299:
300: .IX Item "-V"
301:
302: .IX Header "ERRORS"
303:
304: .IX Item "sudoers file busy, try again later."
305:
306: .IX Item "/etc/sudoers.tmp: Permission denied"
307:
308: .IX Item "Can't find you in the passwd database"
309:
310: .IX Item "Warning: undeclared Alias referenced near ..."
311:
312: .IX Header "ENVIRONMENT"
313:
314: .IX Header "FILES"
315:
316: .IX Header "AUTHOR"
317:
318: .IX Header "BUGS"
319:
320: .IX Header "DISCLAIMER"
321:
322: .IX Header "CAVEATS"
323:
324: .IX Header "SEE ALSO"
325: