Oct 29, 2018

Using visudo - editing configuration file for sudo

The configuration file for sudo is /etc/sudoers. It should always be edited with the visudo command. visudo locks the sudoers file, saves edits to a temporary file, and checks that file's grammar before copying it to /etc/sudoers.
Warning:
  • It is imperative that sudoers be free of syntax errors! Any error makes sudo unusable. Always edit it with visudo to prevent errors.
  • From man 8 visudoNote that this can be a security hole since it allows the user to execute any program they wish simply by setting VISUAL or EDITOR.
The default editor for visudo is vi. sudo from the core repository is compiled with --with-env-editor by default and honors the use of the VISUAL and EDITOR variables. EDITOR is not used when VISUAL is set.
To establish nano as the visudo editor for the duration of the current shell session, set and export the EDITOR variable before calling visudo.
# EDITOR=nano visudo
To change the editor of choice permanently system-wide only for visudo, add the following to /etc/sudoers (assuming nano is your preferred editor):
# Reset environment by default
Defaults      env_reset
# Set default EDITOR to nano, and do not allow visudo to use EDITOR/VISUAL.
Defaults      editor=/usr/bin/nano, !env_editor