visudo

Edit sudoers file

$ sudo visudo

$ sudo visudo -f [/etc/sudoers.d/custom]

$ sudo visudo -c

$ sudo visudo -c -f [/etc/sudoers.d/custom]

$ sudo visudo -s

visudo [-c] [-f file] [-s] [options]

visudo safely edits the sudoers file. It locks the file, validates syntax, and prevents saving invalid configurations.
Syntax validation is critical. A syntax error in sudoers can lock out all sudo access. visudo catches errors before saving.
The editor is determined by SUDO_EDITOR, VISUAL, or EDITOR environment variables. It defaults to vi.
The tool handles file locking. Multiple simultaneous edits are prevented, avoiding corruption from concurrent changes.
Drop-in files in /etc/sudoers.d/ can be edited with -f. These are included by the main sudoers file.
Check mode validates existing files without editing. It's useful for verifying configuration before deployment.

-c, --check

Check syntax only.

Edit specific file.

Strict syntax checking.

Less verbose output.

Show help.

Show version.

Requires root privileges. Editor must be trusted. Syntax errors are caught but logic errors aren't. Keep a root shell open when editing.

visudo has been part of sudo since its early development by Todd Miller. It provides essential safety for editing the security-critical sudoers file.

sudo(8), sudoers(5), su(1)