Use visudo to Check SUDO Config Syntax

syntax check with visudo -c syntax check with visudo -c

I’m working on a longer post about editing sudoers with visudo or editing /etc/sudoers directly (you should avoid this if possible), but for now here’s just a quick note on a visudo command functionality that I find really useful.

IMPORTANT: if possible, edit sudoers files from interactive root shell – meaning you are root already, so there’s a chance to troubleshoot if something went wrong.

Two Main Ways of Using visudo

Primary usage of visudo is interactive: you run the command and it helps you edit the /etc/sudoers file.

Secondary usage is syntax check of all the sudoers config – that’s what I’m going to show today.

Use visudo to Check Config Syntax

Run visudo with the -c option to have it check all the SUDO config files – the /etc/sudoers file and any includes from /etc/sudoers.d directory:

greys@becky:~ # visudo -c
/etc/sudoers: parsed OK
/etc/sudoers.d/010_at-export: parsed OK
/etc/sudoers.d/010_pi-nopasswd: parsed OK
/etc/sudoers.d/README: parsed OK

How Broken Syntax is Reported by visudo

root@becky:~ # visudo -c
/etc/sudoers: syntax error near line 10 <<<
       parse error in /etc/sudoers near line 10

As noted above, I’m running visudo from interactive shell – so even though in this example sudoers is broken, I can still fix it by editing the file directly (because I’m still root).

In this example above, I need to vi /etc/sudoers and check line 10 in the file.

IMPORTANT: Once changes are made, re-run visudo -c to make sure configs are correct now. Do NOT leave your root session – log into the same server separately and try sudo commands to check.

See Also




Keep Learning

Follow me on Facebook, Twitter or Telegram:
Recommended
I learn with Educative: Educative
IT Consultancy
I'm a principal consultant with Tech Stack Solutions. I help with cloud architectrure, AWS deployments and automated management of Unix/Linux infrastructure. Get in touch!

Recent Tweets