Linux Commands

Visudo Command in Linux

In the Linux operating system, a file named “sudoers” exists which is a text file that is used to control the deepest level of the system’s permissions. It allows or rejects the user to get a super user access to the system and get some super user preferences for the sudo. The visudo is a command which is used to edit or modify the sudoer file in a safe zone. This article defines what is a sudoer file and demonstrates how a visudo command is used to edit it.

What Is a Sudoer File in the Linux Operating System?

The sudoer is a text file located in the “/etc” directory of the Linux operating system. This text file defines how the “sudo” works on a Linux enabled machine. It is the file of rules, regulations, and action list for the “sudo”. It tells the “sudo” to which user to give the root privileges and allow them to have a super user permission and which user to deny an access to the root privileges. It can also enable a certain user to execute a command as any other user in the system. You can find the “sudoer.d” file in the /etc directory.

When you try to open it directly, the system will not allow you since you do not have the administrative rights to open it. Hence, you need to get the administrator rights to open the sudoer file. The first and simple way to do this is to right click on the folder and choose the “open as administrator” option. The second way is to open the file in the terminal using the visudo command. Just write “sudo visudo” in the terminal and press enter.

This opens the sudoer file in the terminal.

Why Do We Need to Edit a Sudoer File?

When you install a Linux operating system like Ubuntu 22.04, it automatically adds the first user to the sudoer file with administrative rights. The first user can run the commands like install, update, etc with the “sudo” command after the Ubuntu installation is done. But, when a new user is added by default, no administrative rights are assigned to it. To give the administrative rights or the super user access to the new user, the sudoer file needs to be edited and the new user needs to be added to the sudoer file.

How to Edit a Sudoer File

The best way to edit a sudoer file is to use the visudo command in the terminal. Always avoid editing a sudoer file in a text editor. If you try to do that, you may end up corrupting simultaneous files and unintentionally removing any admin access. Hence, always edit the sudoer file in the terminal using the visudo command.

What Is a Visudo Command?

A visudo is a Linux command that is used to edit the sudoer file with “sudo” privileges. It allows you to safely edit the sudoer file and make any changes required without corrupting any file or removing any admin rights. It performs the basic validity checks on the visudo file, checks for syntax errors, and locks it against various simultaneous edits before installing the edited file. If there is any syntax error in the file, the file will not be saved and an error message will be printed instead.

Syntax of the Visudo Command

The syntax of the visudo command is very simple. It takes only two parameters: one is the option and the other one is the sudoer file. See the following syntax of the visudo command:

The “visudo” is the command name, the “-options” refers to one of the options that work with the visudo command, and the “sudoer” is the name of the “sudoer.d” file name. There are six options available for the visudo command: -c, -h, -q, -s, -V, and -f. The -c option or the flag is used with visudo to enable the check-only mode. By using the -c flag, the sudoer file will only be checked for the mode, owner, or syntax errors. The -h flag is used to print a help message. The -q flag is used to enable the quiet mode; it quiets the command if encountered with any syntax error. The -s flag is used to enable the strict checking mode. The -V flag shows the version of the visudo command. And lastly, the -f flag is used to define an alternate location for the sudoer file.

Change the Location of the Modified Sudoer File

It is recommended that the sudoer file must be edited in the /etc/sudoers.d directory with the visudo command. To do that, execute the visudo command with the -f flag. See the following command:

This opens up a sudoer file in an edit mode and allows you to make any required changes in it. When you are done with editing the sudoers file, exit from it by pressing the CTRL+X and get back to the terminal.

When you press the ctrl+x, you get back to the standard output terminal where any changes that you made to the file are listed. See the following output:

Since we have not made any changes in the file and exited, the file remained unchanged and the same is printed on the terminal.

Assign “No Restriction” Rights to a New User

Let us allow a new user to work as any user and execute any required command on any host. This can be done by assigning the ALL value to the new user. ALL is a special value in the sudoer file that is used to define “no restrictions”. The ALL value sets no restriction on the user and allows them to run any command on the host as required. See the following command:

Now, when you check back the sudoer command, you will have a new user added under the “user privileges specification” section with the ALL rights. See the following sudoer file:

Conclusion

In this article, we learned what is a sudoer file and what is a visudo command. We demonstrated how a visudo command is used on a sudoer file to edit it. The visudo is a Linux command which is used to edit a sudoer file in a safe mode. It allows you to make any changes in the sudoer file without corrupting any file or removing any root access from any user.

About the author

Omar Farooq

Hello Readers, I am Omar and I have been writing technical articles from last decade. You can check out my writing pieces.