Securely edit the sudo file over the network

visudo

If you follow my other posting regarding "vipw" and "vigr' then no explanation required.It has done the same thing as did with those two command.Open the /etc/sudoers file and attach a lock with it. Once you are done with it ,the lock gets released and the changes reflected to the original file.It will open a tmp file in vi editor to give you the chance to edit the sudoers file securely.visudo parses the sudoers file after the edit and will not save the changes if there is a syntax error. Upon finding an error, visudo will print a message stating the line number(s) where the error occurred and the user will receive the "What now?" prompt. At this point the user may enter "e" to re-edit the sudoers file, "x" to exit without saving the changes, or "Q" to quit and save changes. The "Q" option should be used with extreme care because if visudo believes there to be a parse error, so will sudo and no one will be able to sudo again until the error is fixed. If "e" is typed to edit the sudoers file after a parse error has been detected, the cursor will be placed on the line where the error occurred (if the editor supports this feature). PS: Although I have had experienced myself and few people shown to me that it behaves badly in some distribution ,noteably SLES.But the problem can be rectified with little caution.

Sample Output

# sudoers file.
  2 #
  3 # This file MUST be edited with the 'visudo' command as root.
  4 #
  5 # See the sudoers man page for the details on how to write a sudoers file.
  6 #
  7
  8 # Host alias specification
  9
 10 # User alias specification
 11
 12 # Cmnd alias specification
 13
 14 # Defaults specification
 15
 16 # Prevent environment variables from influencing programs in an
 17 # unexpected or harmful way (CVE-2005-2959, CVE-2005-4158, CVE-2006-0151)
 18 Defaults always_set_home
 19 Defaults env_reset
 20
 21 Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME     LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
 22 # Comment out the preceding line and uncomment the following one if you need
 23 # to use special input methods. This may allow users to compromise  the root
 24 # account if they are allowed to run commands without authentication.
 25 #Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAM    E LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODU    LE QT_IM_SWITCHER"
 26
 27 # In the default (unconfigured) configuration, sudo asks for the root password.
 28 # This allows use of an ordinary user account for administration of a freshly
 29 # installed system. When configuring sudo, delete the two
 30 # following lines:
 31 #Defaults targetpw   # ask for the password of the target user i.e. root
 32 #ALL ALL=(ALL) ALL   # WARNING! Only use this together with 'Defaults targetpw'!

Once again the output is truncated for security reason

-3

By: unixbhaskar

2009-08-29 04:06:11

Security shell

Submit An Alternative

What Others Think

rahimhh21 · 85 weeks and 6 days ago

Perfecthomepugs · 77 weeks and 3 days ago

pugpuppies95 · 39 weeks and 4 days ago

What do you think?

Any thoughts on this command? Does it work on your machine? Can you do the same thing with only 14 characters?

You must be signed in to comment.

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Similar Commands

Securely look at the group file over the network

Securely seeing the password file over the network

Edit file without changing the timestamp

Change attributes of files so you can edit them

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)