visudo

visudo is a special tool in Unix/Linux for safely updating the /etc/sudoers file, which the sudo command uses to grant and manage privileged access. It is found in most Linux systems (Ubuntu, for example).

Here’s what the Ubuntu Linux man page says about visudo:

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.

Since the /etc/sudoers file defines the rules for (sometimes passwordless) privileged access, you can only run visudo as root.

In fact, if you attempt to run visudo as a regular user, you will get an error (because visudo needs to access the /etc/sudoers file):

greys@vps1:~$ /usr/sbin/visudo
visudo: /etc/sudoers: Permission denied

How the visudo command works

You don’t need to specify any command line options. Just become root and run the command. You’ll be shown your default text editor window with the /etc/sudoers file (as shown on the screenshot at the top of this page).

If you inspect the screenshot carefully, you’ll notice the first important reason the visudo command is so useful: it doesn’t edit the /etc/sudoers file directly. Instead, it makes a copy of it, called /etc/sudoers.tmp, and lets you edit that copy. This means that if something happens to your editing session (the server crashes, the power goes out, the connection to a remote server breaks), there is no risk of leaving /etc/sudoers, and with it your server's security, in an unpredictable state.

Once you finish editing, visudo will perform a number of checks on the resulting /etc/sudoers.tmp file before applying its changes to the /etc/sudoers file. If an issue is found, you’ll get a message about it after you save the file and exit your text editor:

root@vps1:~# visudo

>>> /etc/sudoers: syntax error near line 11 <<<
What now?

Just press Enter to see the options:

Options are:
(e)dit sudoers file again
e(x)it without saving changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)

What now?

Most likely you’ll want to press e to continue editing the file. But if you can’t find what’s wrong (it may well be that /etc/sudoers was broken by someone else before you because, you guessed it, they edited the file manually instead of using visudo), you can press x to exit and investigate the /etc/sudoers file further.
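The same copy, check, then install sequence can be applied to changes made from a script rather than an editor. The sketch below is an added example, not part of the original article; the function name install_sudoers_file, the SUDOERS_CHECK variable and the staged file name are assumptions, and it relies on visudo's -c (check only) and -f (named file) options.

```shell
#!/bin/sh
# Added example: scripted form of visudo's "edit a copy, check it, then
# install it" workflow. Function and variable names are hypothetical.
#
# usage:   install_sudoers_file CANDIDATE TARGET
# returns: 0 installed, 1 candidate rejected (TARGET untouched), 2 setup error
#
# SUDOERS_CHECK is the validator command; the default is visudo's
# check-only mode (-c) run against a named file (-f).
install_sudoers_file() {
    candidate=$1
    target=$2
    check=${SUDOERS_CHECK:-visudo -c -f}

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # Stage the copy in the target's directory so the final mv is a rename
    # on the same filesystem: sudo sees the old file or the new one, never
    # a half-written one.
    staged=$(mktemp "$(dirname "$target")/.sudoers.XXXXXX") || return 2

    if ! cp "$candidate" "$staged" || ! chmod 0440 "$staged"; then
        rm -f "$staged"
        return 2
    fi

    # Parse check on the staged copy; the live file has not been touched.
    if ! output=$($check "$staged" 2>&1); then
        echo "rejected, $target left unchanged:" >&2
        echo "$output" >&2
        rm -f "$staged"
        return 1
    fi

    # Only a copy that passed the check replaces the live file.
    mv -f "$staged" "$target" || { rm -f "$staged"; return 2; }
}
```

Run it as root, since the target directory and visudo itself require it; a return code of 1 means the candidate failed the check and the existing file is still in place.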
