Why do I have to edit /etc/sudoers with visudo?

linux security unix configuration sudo
9,500

Solution 1

You use visudo mostly to prevent from breaking your system. Visudo runs checks on your changes to make sure you didn't mess anything up. If you did mess something up, you could completely wreck your ability to fix it or do anything requiring privileges without rebooting into a rescue mode.

The man page describes this.

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.

Solution 2

Zoredache answer is perfect.

One more thing that can be worth to mention. You can use you favorite editor by setting EDITOR or VISUAL:

export EDITOR=whatevertexteditoryouwant
export VISUAL=whatevertexteditoryouwant

Or:

EDITOR=whatevertexteditoryouwant visudo
Share:
9,500

Related videos on Youtube

Brian Lyttle
Author by

Brian Lyttle

Updated on September 17, 2022

Comments

  • Brian Lyttle
    Brian Lyttle over 1 year

    I've noticed that the sudoers file and cron config files act in a special way compared to other config files on Linux. They need to be edited with a special wrapper rather than any text editor. Why is this?

  • ansonl
    ansonl almost 15 years
    Interesting! +1, for illustrating a simple explanation for something that I should have known a long time ago :)
  • Joyce
    Joyce almost 15 years
    The behaviour of visudo is available generically as a command called sudoedit. This does the same lock/copy/edit/copy/unlock cycle (though obviously not with the parse step). One advantage this has is that it lets you give people sudo access to edit root-owned files without launching an editor as root, which might let them launch a shell from within the editor. If I shell out of my editor while running sudoedit, my euid is still my own.
  • balaji
    balaji over 12 years
    If you do that, it will still do the syntax-check step, or it will be equivalent of calling sudoedit like @James F suggested?
  • user649102
    user649102 over 12 years
    Yes is the answer to your question. You can use almost any editor you can invoke from cli.
  • balaji
    balaji over 12 years
    It was not a yes or no question :V
  • user649102
    user649102 over 12 years
    It will do the syntax check.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

sudo still ask for password when NOPASSWD is used
What do the "ALL"s in the line " %admin ALL=(ALL) ALL " in Ubuntu's /etc/sudoers file stand for?
fine-grained sudoers configuration (allowed commandline arguments)
What's the difference between the commands "su -s" and "sudo -s"?
Iptables: Block all countries except my own for specific port
Monit "check program" and restart based on exit code
OpenVPN bad source address from client
Using UUIDs for passwords
How to add a linux user with a random or invalid password from a script
security issue of Linux sudo command?