3

When I edit /etc/sudoers using visudo, I think it saves to sudoers.tmp, checks it for errors, then copies it to the real /etc/sudoers.

However, I can't confirm my theory (how the lock file is used) in the man pages: http://manpages.ubuntu.com/manpages/dapper/man8/visudo.8.html - it's not described there.

Does anyone know if this behavior is described anywhere? Or is this because lock files are so common it's not described in visudo?

Tosh
  • 379
  • 1
  • 4
  • 11
  • it *is* in the manpages: FILES ` /etc/sudoers ` List of who can run what `/etc/sudoers.tmp ` Lock file for visudo – Jacob Vlijm May 19 '15 at 20:43
  • What I meant is: how the lock file is used, and what it does is not explained. – Tosh May 19 '15 at 20:52
  • 1
    Ah, I understand. I don't see a description. Your assumption is correct however: if you run `sudo visudo` look at the top line; it sais you are editing `/etc/sudoers.tmp`. – Jacob Vlijm May 19 '15 at 20:58

1 Answers1

3

It is mentioned in man visudo.

From man visudo go to FILES section, you will find :

 /etc/sudoers.tmp          Lock file for visudo

It is also described in the illustration of -f option :

-f sudoers, --file=sudoers

Specify an alternate sudoers file location. With this option, visudo will edit (or check) the sudoers file of your choice, instead of the default, /etc/sudoers. The lock file used is the specified sudoers file with “.tmp” appended to it. In check-only mode only, the argument to -f may be ‘-’, indicating that sudoers will be read from the standard input.

If you are interested you can trace the system calls, here what you will find :

open("/etc/sudoers.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 7

EDIT :

Your concept is right and yes i also personally think that as this is a generic concept it is not mentioned in the man page.

heemayl
  • 90,425
  • 20
  • 200
  • 267