I understand that if you want to modify who can use sudo and what they can do with it that you should use visudo. I know I’m not supposed to directly modify the /etc/sudoers file myself.
What is it that visudo does that directly modifying the file doesn’t do? What can go wrong?
visudo checks the file syntax before actually overwriting the
If you use a plain editor, mess up the syntax, and save… sudo will (probably) stop working, and, since /etc/sudoers is only modifiable by root, you’re stuck (unless you have another way of gaining root).
Additionally, it ensures that the edits will be one atomic operation. This locking is important if you need to ensure nobody else can mess up your carefully considered config changes. For editing other files as root besides /etc/sudoers, there is the sudoedit command, which also guards against such editing conflicts.
From the visudo man page:
visudo locks the sudoers file against multiple simultaneous edits,
provides basic sanity checks, and checks for parse errors. If the
sudoers file is currently being edited you will receive a message to
try again later.
Also check this answer from serverfault.
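
The three behaviours the answers attribute to visudo (a lock, a syntax check before overwriting, and a single atomic replace) can be reproduced for a scripted sudoers change. This is an added example, not code from the original answers. The function name `install_sudoers`, the `SUDOERS_CHECK` override and the `mkdir` lock are assumptions of this example; the lock only serializes runs of this script and is not visudo's own lock.

```shell
#!/bin/sh
# Added example: stage, validate, then atomically install a sudoers file.
# SUDOERS_CHECK is this example's hook for the validator; by default it is
# visudo's check-only mode (-c) run against a named file (-f).
: "${SUDOERS_CHECK:=visudo -c -f}"

install_sudoers() {
    src=$1
    dest=$2
    lock="$dest.lock"   # names containing "." are skipped by sudoers.d includes
    tmp="$dest.tmp.$$"

    # mkdir is atomic: a second concurrent run fails here instead of racing.
    if ! mkdir "$lock" 2>/dev/null; then
        echo "$dest is being edited, try again later" >&2
        return 2
    fi

    # Stage next to the target so the final mv is a rename on one filesystem.
    # sudoers files are expected to be mode 0440.
    if ! { cp "$src" "$tmp" && chmod 0440 "$tmp"; }; then
        rm -f "$tmp"; rmdir "$lock"
        return 3
    fi

    # Validate the staged copy; on failure the live file is never touched,
    # so a typo cannot lock everyone out of sudo.
    if ! $SUDOERS_CHECK "$tmp" >/dev/null 2>&1; then
        echo "syntax check failed, $dest left unchanged" >&2
        rm -f "$tmp"; rmdir "$lock"
        return 1
    fi

    # Readers see either the old file or the new one, never a partial write.
    mv -f "$tmp" "$dest"
    rc=$?
    rmdir "$lock"
    return $rc
}
```

Typical use, as root, would be `install_sudoers ./candidate /etc/sudoers.d/deploy`, where both paths are placeholders.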