[plug] sudoers

Russell Steicke r.steicke at bom.gov.au
Thu Jan 13 16:55:52 WST 2005


On Thu, Jan 13, 2005 at 04:42:25PM +0800, Denis Brown wrote:
> Hello Jim.
> 
> At 04:38 PM 13/01/2005, Jim Householder wrote:
> >Hi
> >
> >The default /etc/sudoers has a comment in it saying it *must* be edited 
> >with visudo.
> >
> >Why?  What's wrong with other editors?
> 
> From the man page...
> visudo edits the sudoers file in a safe fashion, analogous to vipw(8). 
> visudo locks the sudoers file against multiple simultaneous edits, provides 
> basic sanity checks, and checks for parse errors. If the sudoers file is 
> currently being edited you will receive a message to try again later.
> 
> So if you use a "normal" editor you will lack these protections.

In particular, it stops you doing

  sudo vi /etc/sudoers

and stuffing up the configuration such that sudo will no longer run.
If you're doing all your admin via sudo and have forgotten the root
password then that would be bad.

BTW, if you don't like vi, you can do something like this:

  EDITOR=joe sudo visudo

to use something different and still get the benefits of visudo.  Some
versions of sudo will not read $EDITOR, but I think the debian version
does.




-- 
Russell Steicke

-- Fortune says:
Bo Derek ruined my life!



More information about the plug mailing list