← 返回命令列表

Linux command

visudo 命令

安全

权限或系统影响较大,执行前请核对目标。

常用示例

Edit sudoers file

sudo visudo

Edit specific file

sudo visudo -f [/etc/sudoers.d/custom]

Check syntax only

sudo visudo -c

Check specific file

sudo visudo -c -f [/etc/sudoers.d/custom]

Strict mode

sudo visudo -s

说明

visudo safely edits the sudoers file. It locks the file, validates syntax, and prevents saving invalid configurations. Syntax validation is critical. A syntax error in sudoers can lock out all sudo access. visudo catches errors before saving. The editor is determined by SUDO_EDITOR, VISUAL, or EDITOR environment variables. It defaults to vi. The tool handles file locking. Multiple simultaneous edits are prevented, avoiding corruption from concurrent changes. Drop-in files in /etc/sudoers.d/ can be edited with -f. These are included by the main sudoers file. Check mode validates existing files without editing. It's useful for verifying configuration before deployment.

参数

-c
Enable check-only mode. The existing sudoers file will be checked for syntax errors, owner and mode.
-f _FILE_
Specify an alternate sudoers file to edit or check instead of the default /etc/sudoers.
-s
Enable strict checking. If an alias is used before it is defined, visudo will consider this a parse error.
-q
Enable quiet mode. Details about syntax errors are not printed. Only useful when combined with -c.
-O
Enforce the default ownership (user and group) of the sudoers file.
-P
Enforce the default permissions (mode) of the sudoers file.
-h
Show a short help message and exit.
-V
Show version number and exit.

FAQ

What is the visudo command used for?

visudo safely edits the sudoers file. It locks the file, validates syntax, and prevents saving invalid configurations. Syntax validation is critical. A syntax error in sudoers can lock out all sudo access. visudo catches errors before saving. The editor is determined by SUDO_EDITOR, VISUAL, or EDITOR environment variables. It defaults to vi. The tool handles file locking. Multiple simultaneous edits are prevented, avoiding corruption from concurrent changes. Drop-in files in /etc/sudoers.d/ can be edited with -f. These are included by the main sudoers file. Check mode validates existing files without editing. It's useful for verifying configuration before deployment.

How do I run a basic visudo example?

Run `sudo visudo` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -c do in visudo?

Enable check-only mode. The existing sudoers file will be checked for syntax errors, owner and mode.