While the /etc/sudoers file is a normal text file, it is essential not to directly edit it with a standard text editor like Vim or nano. The /etc/sudoers file controls access to all elevated privileges and a mistake in this file can render it impossible to gain root privileges on the server. Most distributions will set a default editor (usually Vim or nano) for /etc/sudoers. When using the visudo command, the system verifies the syntax of the /etc/sudoers file before committing changes, enabling the administrator an opportunity to correct mistakes before they become part of the running configuration.
The “vi” portion of the visudo command refers to the vi text editor, which comes standard in many distributions. However, don’t let the name fool you; you can use other text editors to edit the sudoers file. However, you must edit it through the visudo command for good measure. If you enter the sudo visudo command, your default text editor will open, displaying the contents of the /etc/sudoers file. In the case of Mint, the default text editor in the terminal is nano, so the /etc/sudoers file will open in the nano text editor when you run this command. If for some reason it opens in a different text editor, you can explicitly indicate which text editor you would like to use by using the following command:
$ sudo EDITOR=nano visudo
The syntax of the visudo command is:
$ visudo [options]
Command line Options
| Option | Description |
|---|---|
| -c | Syntax check on the file’s contents, without editing. Exits with 0 if it’s valid, or 1 if not. |
| -f filename | Specifies an alternate location for the sudoers file. |
| -q | Quiet mode. When used with -c, do not print errors. |
| -s | Strict checking. An alias used before it is defined is an error. |
| -V | Print the version number. |
If you encounter the below error while running the visudo command:
visudo: command not found
you may try installing the sudo package as shown below as per your choice of distribution:
| Distribution | Command |
|---|---|
| Debian | apt-get install sudo |
| Ubuntu | apt-get install sudo |
| Alpine | apk add sudo |
| Arch Linux | pacman -S sudo |
| Kali Linux | apt-get install sudo |
| CentOS | yum install sudo |
| Fedora | dnf install sudo |
| Raspbian | apt-get install sudo |
visudo Command Examples
1. Edit the sudoers file:
$ sudo visudo
2. Check the sudoers file for errors:
$ sudo visudo -c
3. Edit the sudoers file using a specific editor:
$ sudo EDITOR=editor visudo
4. Display version information:
visudo --version
Conclusion
Using visudo instead of editing directly prevents two users from performing edits at once. Also, visudo will not save edits to sudoers if they are not syntactically correct. Be very careful when modifying user access via visudo. If you’re not careful, you may open up your entire machine to those whom you’d rather not grant complete access. If you were an administrator in a company, you would probably want to give users access to specific commands that are required to do their job, and nothing more.