[sudo-users] Syntax verification in vi editor to avoid sudo corruption

Todd C. Miller Todd.Miller at sudo.ws
Wed Apr 19 07:57:59 MDT 2023


On Wed, 19 Apr 2023 17:31:41 +0530, Sac Isilia via sudo-users wrote:

> I am thinking of a use case where a user who has access to edit
> /etc/sudoers file and he does some wrong edit and he is not aware of how to
> verify the syntax of sudo file (visudo -c). Is there a way to configure in
> the user profile or somewhere else that automatically checks for syntax
> error in sudo file once the user tries to save the file? The sysadmin
> knows this stuff but a normal user might not be aware of syntax checking.

The sudoers file should be edited using visudo which performs syntax
checks and will not save an edited file with syntax errors.

There's no way to force a user to run visudo instead of editing the
sudoers file directly but the default sudoers file has the following
at the start of the file:

## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.

I don't know what more we can do.

 - todd
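
For changes pushed by scripts or configuration management rather than typed into an editor, the same check can gate the install step. The following is an added example, not part of the original message or of the sudo project: it stages a copy, runs `visudo -c -f` on it, and renames it over the target only if the check passes. The function name `install_sudoers` and the drop-in path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: validate a candidate sudoers file before it replaces the live one.
# Usage (as root): sh install-sudoers.sh CANDIDATE TARGET
#   e.g. TARGET=/etc/sudoers.d/webteam   (hypothetical drop-in name)

install_sudoers() {
    candidate=$1
    target=$2

    # Stage next to the target so the final mv is a rename on the same
    # filesystem. The staged name contains a '.', which sudo skips when
    # reading an include directory, so a half-installed file is never parsed.
    staged=$(mktemp "${target}.XXXXXX") || return 1

    cp "$candidate" "$staged" || { rm -f "$staged"; return 1; }
    chmod 0440 "$staged"
    # Only root can hand the file to root; skipped when run unprivileged.
    if [ "$(id -u)" -eq 0 ]; then chown 0:0 "$staged"; fi

    # -c: check-only mode, -f: check this file instead of the default sudoers.
    if ! visudo -c -f "$staged" >/dev/null 2>&1; then
        echo "refusing to install $candidate: visudo reported errors" >&2
        rm -f "$staged"
        return 1
    fi

    # The live file is replaced only after the check has passed.
    mv -f "$staged" "$target"
}

# Run only when called with both arguments, so the file can also be sourced.
if [ "$#" -eq 2 ]; then
    install_sudoers "$1" "$2"
fi
```

A candidate that fails the check leaves the existing file untouched and the function returns non-zero, so a calling script can stop the deployment.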

