Certain files on a UNIX-like system, such as
are integral for managing login and authentication, and it’s thus necessary to
be very careful while editing them using
sudo not to accidentally leave them
in a corrupted state, or to allow others to edit them at the same time as you.
In the worst-case scenario it’s possible to lock yourself out of a system or
out of root privileges in doing this, and things can only be fixed via physical
access to the server or someone who knows the actual root password, which you
may not necessarily know as a
You should therefore never edit
/etc/sudoers by simply invoking them in your editor of choice. A set of
simple utilities exist to help you make these edits safely.
If you want to safely edit the
/etc/passwd file, for which you’ll need to
have root privileges, you should use the
vipw tool. It doesn’t require an
This will load a temporary copy of the file into your
$EDITOR, and allow you
to make changes. If all is well after you save and quit, you’ll see a message
You have modified /etc/passwd.
You may need to modify /etc/shadow for consistency.
Please use the command 'vipw -s' to do so.
If you’ve made changes which might require changing something in the
/etc/shadow file, you should follow these instructions too.
The command to edit groups,
vigr, works in much the same way:
The analogous tool for editing the
/etc/sudoers file is
visudo. This tool
not only does the necessary lock and file corruption checking as
it also does some basic checking of the syntax of the file after you save it.
If the changes you make to this file work correctly, you’ll simply be returned
to your prompt. However, if you’ve made some sort of edit that means
won’t be able to correctly parse the file, you’ll get warned and prompted for
an appropriate action:
visudo: >>> /etc/sudoers: syntax error near line 28 <<<
visudo: >>> /etc/sudoers: syntax error near line 29 <<<
visudo: >>> /etc/sudoers: syntax error near line 29 <<<
What now?
If you press
? here and then Enter, you’ll get a list of the actions you can
Options are:
(e)dit sudoers file again
e(x)it without saving changes to sudoers file
(Q)uit and save changes to sudoers file (DANGER!)
You’ll probably want the first one, to edit your changes again and make them work properly, but you may want to hose them and start again via the second option. You should only choose the third if you absolutely know what you’re doing.
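The pattern these tools share (take a lock, edit a temporary copy, check it, and only then replace the original) can be sketched in shell. This is an added example, not code from the original post or from vipw or visudo; the names safe_edit and check_passwd, the ".lock" suffix and the seven-field check are assumptions chosen for illustration.

```shell
#!/bin/sh
# Illustration only: lock, edit a temporary copy, validate, replace atomically.
# A stale lock left by a killed process must be removed by hand.

# Hypothetical validator: every line of a passwd-format file needs exactly
# seven colon-separated fields and a non-empty user name.
check_passwd() {
    awk -F: 'NF != 7 || $1 == "" { bad = 1 } END { exit bad }' "$1"
}

# safe_edit FILE EDITOR_CMD...
# Returns 0 if the edit was installed, 1 if it was rejected,
# 2 if somebody else already holds the lock.
safe_edit() {
    file=$1; shift
    lock="$file.lock"
    # With noclobber (set -C) the redirect fails if the lock file exists,
    # so creating the lock and testing for it happen in one step.
    if ! ( set -C; echo "$$" > "$lock" ) 2>/dev/null; then
        echo "safe_edit: $file is being edited by someone else" >&2
        return 2
    fi
    # The temporary copy lives in the same directory so that the final
    # mv is a rename on one filesystem and never leaves a half-written file.
    tmp=$(mktemp "$file.XXXXXX") || { rm -f "$lock"; return 1; }
    cp -p "$file" "$tmp"
    rc=1
    if "$@" "$tmp" && check_passwd "$tmp"; then
        mv "$tmp" "$file" && rc=0
    else
        echo "safe_edit: edit rejected, $file left unchanged" >&2
        rm -f "$tmp"
    fi
    rm -f "$lock"
    return $rc
}
```

Run it against a scratch copy, for example: safe_edit ./passwd.copy "${EDITOR:-vi}"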
In general, you can edit root-owned files using
sudo -e, which
will operate on temporary copies of the file and overwrite the original if
changes are detected:
$ sudo -e /etc/network/interfaces
This has the added bonus of preserving all of your environment variables for
the editing session, which may not be the case when invoking an editor and file
sudo. This turns out to be handy for newer versions of
sudo which do
not preserve the user’s
$HOME directory by default, meaning that
configuration files for your editor, such as
.vimrc, might not be read.