mirror of
https://github.com/sudo-project/sudo.git
synced 2025-08-22 01:49:11 +00:00
Mention visudo in sudo(8) and document sudoers error recovery.
This commit is contained in:
Todd C. Miller
parent
ce97ca28db
commit
71a879d905
@ -25,7 +25,7 @@
|
||||
.nr BA @BAMAN@
|
||||
.nr LC @LCMAN@
|
||||
.nr PS @PSMAN@
|
||||
.TH "SUDO" "@mansectsu@" "July 22, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
|
||||
.TH "SUDO" "@mansectsu@" "August 11, 2020" "Sudo @PACKAGE_VERSION@" "System Manager's Manual"
|
||||
.nh
|
||||
.if n .ad l
|
||||
.SH "NAME"
|
||||
@ -156,6 +156,16 @@ with the
|
||||
option, a user can update the cached credentials without running a
|
||||
\fIcommand\fR.
|
||||
.PP
|
||||
On systems where
|
||||
\fBsudo\fR
|
||||
is the primary method of gaining superuser privileges, it is imperative
|
||||
to avoid syntax errors in the security policy configuration files.
|
||||
For the default security policy,
|
||||
sudoers(@mansectform@),
|
||||
changes to the configuration files should be made using the
|
||||
visudo(@mansectsu@)
|
||||
utility which will ensure that no syntax errors are introduced.
|
||||
.PP
|
||||
When invoked as
|
||||
\fBsudoedit\fR,
|
||||
the
|
||||
@ -932,13 +942,13 @@ or compiled directly into the
|
||||
binary.
|
||||
If no
|
||||
sudo.conf(@mansectform@)
|
||||
file is present, or it contains no
|
||||
file is present, or if it doesn't contain any
|
||||
\fRPlugin\fR
|
||||
lines,
|
||||
\fBsudo\fR
|
||||
will use the traditional
|
||||
\fIsudoers\fR
|
||||
security policy and I/O logging.
|
||||
will use
|
||||
sudoers(@mansectform@)
|
||||
for the policy, auditing and I/O logging plugins.
|
||||
See the
|
||||
sudo.conf(@mansectform@)
|
||||
manual for details of the
|
||||
|
||||
@ -24,7 +24,7 @@
|
||||
.nr BA @BAMAN@
|
||||
.nr LC @LCMAN@
|
||||
.nr PS @PSMAN@
|
||||
.Dd July 22, 2020
|
||||
.Dd August 11, 2020
|
||||
.Dt SUDO @mansectsu@
|
||||
.Os Sudo @PACKAGE_VERSION@
|
||||
.Sh NAME
|
||||
@ -158,6 +158,16 @@ with the
|
||||
option, a user can update the cached credentials without running a
|
||||
.Ar command .
|
||||
.Pp
|
||||
On systems where
|
||||
.Nm
|
||||
is the primary method of gaining superuser privileges, it is imperative
|
||||
to avoid syntax errors in the security policy configuration files.
|
||||
For the default security policy,
|
||||
.Xr sudoers @mansectform@ ,
|
||||
changes to the configuration files should be made using the
|
||||
.Xr visudo @mansectsu@
|
||||
utility which will ensure that no syntax errors are introduced.
|
||||
.Pp
|
||||
When invoked as
|
||||
.Nm sudoedit ,
|
||||
the
|
||||
@ -873,13 +883,13 @@ or compiled directly into the
|
||||
binary.
|
||||
If no
|
||||
.Xr sudo.conf @mansectform@
|
||||
file is present, or it contains no
|
||||
file is present, or if it doesn't contain any
|
||||
.Li Plugin
|
||||
lines,
|
||||
.Nm
|
||||
will use the traditional
|
||||
.Em sudoers
|
||||
security policy and I/O logging.
|
||||
will use
|
||||
.Xr sudoers @mansectform@
|
||||
for the policy, auditing and I/O logging plugins.
|
||||
See the
|
||||
.Xr sudo.conf @mansectform@
|
||||
manual for details of the
|
||||
|
||||
@ -6245,15 +6245,23 @@ file should
|
||||
\fBalways\fR
|
||||
be edited by the
|
||||
\fBvisudo\fR
|
||||
command which locks the file and does grammatical checking.
|
||||
It is
|
||||
imperative that the
|
||||
utility which locks the file and checks for syntax errors.
|
||||
If
|
||||
\fIsudoers\fR
|
||||
file be free of syntax errors since
|
||||
contains syntax errors,
|
||||
\fBsudo\fR
|
||||
will not run with a syntactically incorrect
|
||||
may refuse to run, which is a serious problem if
|
||||
\fBsudo\fR
|
||||
is your only method of obtaining superuser privileges.
|
||||
Recent versions of
|
||||
\fBsudoers\fR
|
||||
will attempt to recover after a syntax error by ignoring the rest of
|
||||
the line after encountering an error.
|
||||
Older versions of
|
||||
\fBsudo\fR
|
||||
will not run if
|
||||
\fIsudoers\fR
|
||||
file.
|
||||
contains a syntax error.
|
||||
.PP
|
||||
When using netgroups of machines (as opposed to users), if you
|
||||
store fully qualified host name in the netgroup (as is usually the
|
||||
|
||||
@ -5762,15 +5762,23 @@ file should
|
||||
.Sy always
|
||||
be edited by the
|
||||
.Nm visudo
|
||||
command which locks the file and does grammatical checking.
|
||||
It is
|
||||
imperative that the
|
||||
utility which locks the file and checks for syntax errors.
|
||||
If
|
||||
.Em sudoers
|
||||
file be free of syntax errors since
|
||||
contains syntax errors,
|
||||
.Nm sudo
|
||||
will not run with a syntactically incorrect
|
||||
may refuse to run, which is a serious problem if
|
||||
.Nm sudo
|
||||
is your only method of obtaining superuser privileges.
|
||||
Recent versions of
|
||||
.Nm
|
||||
will attempt to recover after a syntax error by ignoring the rest of
|
||||
the line after encountering an error.
|
||||
Older versions of
|
||||
.Nm sudo
|
||||
will not run if
|
||||
.Em sudoers
|
||||
file.
|
||||
contains a syntax error.
|
||||
.Pp
|
||||
When using netgroups of machines (as opposed to users), if you
|
||||
store fully qualified host name in the netgroup (as is usually the
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user