February 4, 2013

Why to use visudo?

The /etc/sudoers file contains the details of the users that can execute the sudo command.

The good thing about this file is that it contains examples, in comments, on the various ways in which a users permissions can be specified. Also this file must have the only read only permission for the user root and group root.

 [root@localhost]# ls -alh /etc/sudoers
-r--r----- 1 root root 3.7K Feb  4 12:17 /etc/sudoers

The best way to edit this file is visudo. This command ensures that the permission are always correct -- there have been instances when the booting of one of my machines failed because I forgot to reset the permissions when I did not use visudo.

The other reason to use visudo is that once a file has been written, it is parsed for correctness.

[root@localhost]# visudo
visudo: >>> /etc/sudoers: syntax error near line 100 <<<
What now?
Options are:
  (e)dit sudoers file again
  e(x)it without saving changes to sudoers file
  (Q)uit and save changes to sudoers file (DANGER!)

What now? e