Monday, September 8, 2008

visudo and echo

If you don't feel like opening up visudo to edit something like the /etc/sudoers file, just echo "user ALL=(ALL) ALL" >> /etc/sudoers. Nifty. Not sure of any security implications of doing this though...


  1. It's still much better to use visudo because it will validate the syntax of your file after you save and exit. I believe (but could be wrong) that a file with invalid syntax may disable sudo altogether. Much better to use visudo.

  2. Yes, visudo is there for your protection. Though I've met plenty of people who have messed up their /etc/sudoers with a bad echo ... so I guess it's just something you have to do once to learn a lesson, heh.

  3. as others have said there is no difference if you are perfect. Otherwise sudo refuses to run with a syntax error and you are left ina very inconvenient situation

  4. You also have to be logged as root to do that, otherwise you have to use 'echo "user ALL = (ALL) ALL" | sudo tee -a /etc/sudoers', but again using visudo ensures that you don't break sudo. If you happen to break sudo and have no root password (standard situation in Ubuntu), you can't even modify sudoers anymore!

    Btw, my way to do it might be something like:

    $ sudo augtool
    augtool> ins spec after /file /etc/sudoers/spec[last()]
    augtool> set /files/etc/sudoers/spec[last()]/user "user"
    augtool> set /files/etc/sudoers/spec[last()]/host_group/host "ALL"
    augtool> set /files/etc/sudoers/spec[last()]/host_group/command "ALL"
    augtool> set /files/etc/sudoers/spec[last()]/host_group/command/runas_user "ALL"
    augtool> save