visudo

visudo [-c] [-f file] [-s] [options]

visudo safely edits the sudoers file. It locks the file, validates syntax, and prevents saving invalid configurations.Syntax validation is critical. A syntax error in sudoers can lock out all sudo access. visudo catches errors before saving.The editor is determined by SUDO_EDITOR, VISUAL, or EDITOR environment variables. It defaults to vi.The tool handles file locking. Multiple simultaneous edits are prevented, avoiding corruption from concurrent changes.Drop-in files in /etc/sudoers.d/ can be edited with -f. These are included by the main sudoers file.Check mode validates existing files without editing. It's useful for verifying configuration before deployment.

-c

Enable check-only mode. The existing sudoers file will be checked for syntax errors, owner and mode.

Specify an alternate sudoers file to edit or check instead of the default /etc/sudoers.

Enable strict checking. If an alias is used before it is defined, visudo will consider this a parse error.

Enable quiet mode. Details about syntax errors are not printed. Only useful when combined with -c.

Enforce the default ownership (user and group) of the sudoers file.

Enforce the default permissions (mode) of the sudoers file.

Show a short help message and exit.

Show version number and exit.

Requires root privileges. Editor must be trusted. Syntax errors are caught but logic errors aren't. Keep a root shell open when editing.

visudo has been part of sudo since its early development by Todd Miller. It provides essential safety for editing the security-critical sudoers file.

sudo(8), su(1), vi(1)