visudo enhancement to edit-syntax-check arbitrary files

William R. Ward bill at
Fri Dec 14 13:08:06 EST 2001

Todd C. Miller writes:
>In message <15385.45506.461372.951014 at>
>	so spake  (bill):
>> My understanding is that visudo requires you to already be root.  I
>> think that it is important to have the editor *not* run as uid 0 due
>> to the fact that you can launch sub-processes, edit other files, etc.
>> See the CAVEATS section in the man page for visudo.
>I see no point in running visudo as a uid other than 0 since if
>you can edit sudoers, you can grant yourself permission to run
>whatever you like.

I think you may have been confused by the fact that two different
proposals for similar things arrived at the same time.

I am referring to the idea of using sudo to grant permission to edit
files *other* than sudoers, such as /etc/aliases.


William R Ward            bill at
     If you're not part of the solution, you're part of the precipitate.

More information about the sudo-workers mailing list