54

I've noticed that the sudoers file and cron config files act in a special way compared to other config files on Linux. They need to be edited with a special wrapper rather than any text editor. Why is this?

Brian Lyttle
  • 1,757
  • 1
  • 17
  • 17

2 Answers2

75

You use visudo mostly to prevent from breaking your system. Visudo runs checks on your changes to make sure you didn't mess anything up. If you did mess something up, you could completely wreck your ability to fix it or do anything requiring privileges without rebooting into a rescue mode.

The man page describes this.

visudo edits the sudoers file in a safe fashion, analogous to vipw(8). visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.

Zoredache
  • 130,897
  • 41
  • 276
  • 420
  • 4
    Interesting! +1, for illustrating a simple explanation for something that I should have known a long time ago :) – Greg Meehan Jun 16 '09 at 01:58
  • 7
    The behaviour of visudo is available generically as a command called sudoedit. This does the same lock/copy/edit/copy/unlock cycle (though obviously not with the parse step). One advantage this has is that it lets you give people sudo access to edit root-owned files without launching an editor as root, which might let them launch a shell from within the editor. If I shell out of my editor while running sudoedit, my euid is still my own. – James F Jun 16 '09 at 07:38
19

Zoredache answer is perfect.

One more thing that can be worth to mention. You can use you favorite editor by setting EDITOR or VISUAL:

export EDITOR=whatevertexteditoryouwant
export VISUAL=whatevertexteditoryouwant

Or:

EDITOR=whatevertexteditoryouwant visudo
muru
  • 589
  • 8
  • 26
cstamas
  • 6,707
  • 25
  • 42