Programmatically use visudo to edit sudoers?

I have a sudoers file stored in our svn repo. I want to svn export it to /etc/sudoers, but can't do it because sudo detects that it was not edited by visudo and throws syntax errors. What exactly does visudo -f do, and can I do the following:
cd /tmp && svn export <URL>/sudoers && visudo < /tmp/sudoers
without manual intervention?
scripting sudo
edited Sep 5 at 10:58
Jeff Schaller
asked Jun 13 '13 at 21:46
dperry1973
It's not because it was not edited by visudo, it's because it did have syntax errors. Also check the permissions.
– Stéphane Chazelas
Jun 13 '13 at 21:51
2 Answers
It's probably not because it was not edited by visudo, it's because it did have syntax errors. Also check the permissions. It's perfectly fine to edit /etc/sudoers without using visudo. visudo is only there to guarantee exclusive access and check the syntax before committing to the actual file. Having said that, to answer your question, you can do:
VISUAL="cp /tmp/sudoers" visudo
visudo calls your preferred editor with /etc/sudoers.tmp, checks the syntax on the new content of the file once the editor has returned and commits to /etc/sudoers when happy. By setting your preferred editor to cp /tmp/sudoers, you're actually telling it to do cp /tmp/sudoers /etc/sudoers.tmp.
(storing that sudoers temp file in a world writeable directory like /tmp sounds dangerous to me)
edited Feb 20 '15 at 11:04
answered Jun 13 '13 at 22:00
Stéphane Chazelas
This is a very interesting idea. Two comments though. 1) VISUAL seems to take precedence over EDITOR, so I would go for that. 2) My version of visudo seems to not allow any custom editor unfortunately because of security reasons.
– Tarrasch
Feb 19 '15 at 21:58
To other over-automating venturers. It's basically impossible to do this. Save a few hours of your life and just do something like this in your dotfiles: github.com/Tarrasch/dotfiles/commit/…
– Tarrasch
Feb 19 '15 at 22:26
@Tarrasch, indeed. I had completely forgotten this answer when answering that one (where I point out that VISUAL takes precedence over EDITOR).
– Stéphane Chazelas
Feb 20 '15 at 11:03
I edit and deploy sudoers all the time. Make sure you do the following:
- Use visudo -c -f <filename> to check the syntax before you check it in to svn.
- When you deploy make sure the permissions are 0440 and owned by root:root (or root:wheel on BSD derivatives).
If the host you use to check in runs a different OS than the one you're deploying to then you should also run visudo -c -f <filename> on the target system before copying it into place.
answered Jun 14 '13 at 5:11
bahamat
Thanks for the visudo -c -f. Using that in my script provided the exit code 1 I need to abort if things are not right.
– dperry1973
Jun 14 '13 at 19:29
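The validate-then-install sequence the two answers describe, as an added shell example that is not from either answerer: it stages the file beside the target rather than in /tmp, sets the 0440 mode and owner, runs visudo -c -f on the staged copy, and only then renames it into place. The function name deploy_sudoers and the staging file name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answers).
# deploy_sudoers CANDIDATE [TARGET]   -- function name is hypothetical.
deploy_sudoers() {
    candidate=$1
    target=${2:-/etc/sudoers}

    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # Stage next to the target, not in /tmp: that directory is root-owned
    # and on the same filesystem, so the final mv is an atomic rename.
    staged=$(mktemp "$(dirname "$target")/.sudoers.XXXXXX") || return 2

    # mktemp creates the file 0600; fill it, then set the mode sudo expects.
    if ! cat "$candidate" > "$staged" || ! chmod 0440 "$staged"; then
        rm -f "$staged"
        return 2
    fi

    # uid 0 / gid 0 is root:root on Linux and root:wheel on the BSDs.
    if [ "$(id -u)" -eq 0 ] && ! chown 0:0 "$staged"; then
        rm -f "$staged"
        return 2
    fi

    # Check the syntax on the host that will use the file. visudo -c exits
    # non-zero on a parse error, so the live file is never touched.
    if ! visudo -c -f "$staged" >/dev/null; then
        echo "syntax check failed, $target left unchanged" >&2
        rm -f "$staged"
        return 1
    fi

    # -f avoids the interactive prompt mv shows for a read-only target.
    mv -f "$staged" "$target"
}
```

Unlike an interactive visudo session, this takes no lock on the sudoers file, so it should not run while someone is editing with visudo.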