syntax check with visudo -c
I’m working on a longer post about editing sudoers with visudo or editing /etc/sudoers directly (you should avoid this if possible), but for now here’s just a quick note on a visudo command functionality that I find really useful.
IMPORTANT: if possible, edit sudoers files from interactive root shell – meaning you are root already, so there’s a chance to troubleshoot if something went wrong.
Primary usage of visudo is interactive: you run the command and it helps you edit the /etc/sudoers file.
Secondary usage is syntax check of all the sudoers config – that’s what I’m going to show today.
Run visudo with the -c option to have it check all the SUDO config files – the /etc/sudoers file and any includes from /etc/sudoers.d directory:
As noted above, I’m running visudo from interactive shell – so even though in this example sudoers is broken, I can still fix it by editing the file directly (because I’m still root).
In this example above, I need to vi /etc/sudoers and check line 10 in the file.
IMPORTANT: Once changes are made, re-run visudo -c to make sure configs are correct now. Do NOT leave your root session – log into the same server separately and try sudo commands to check.