man-pages

3rd chunk of `sudo.man`
 return  an
               error if the user does not have permission to preserve the envi‐
               ronment.  This option may be specified multiple times.

       -e, --edit
               Edit one or more files instead of running a command.  In lieu of
               a  path  name, the string "sudoedit" is used when consulting the
               security policy.  If the user is authorized by the  policy,  the
               following steps are taken:

               1.   Temporary  copies  are  made of the files to be edited with
                    the owner set to the invoking user.

               2.   The editor specified by the policy is run to edit the  tem‐
                    porary  files.   The  sudoers  policy uses the SUDO_EDITOR,
                    VISUAL and EDITOR environment variables  (in  that  order).
                    If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first
                    program listed in the editor sudoers(5) option is used.

               3.   If  they have been modified, the temporary files are copied
                    back to their original location and the temporary  versions
                    are removed.

               To help prevent the editing of unauthorized files, the following
               restrictions are enforced unless explicitly allowed by the secu‐
               rity policy:

                •  Symbolic  links  may  not  be  edited  (version  1.8.15  and
                   higher).

                •  Symbolic links along the path to be edited are not  followed
                   when  the  parent directory is writable by the invoking user
                   unless that user is root (version 1.8.16 and higher).

                •  Files located in a directory that is writable by the  invok‐
                   ing user may not be edited unless that user is root (version
                   1.8.16 and higher).

               Users are never allowed to edit device special files.

               If  the  specified file does not exist, it will be created.  Un‐
               like most commands run by sudo, the editor is run with  the  in‐
               voking user’s environment unmodified.  If the temporary file be‐
               comes  empty  after editing, the user will be prompted before it
               is installed.  If, for some reason, sudo is unable to  update  a
               file  with  its  edited version, the user will receive a warning
               and the edited copy will remain in a temporary file.
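
The path restrictions listed for -e, approximated as an audit check for paths granted through sudoedit rules. This is an added example, not sudo's own code: the function and constant names are hypothetical, writability is judged from mode bits only (ACLs ignored), and "parent directory" is read as the directory that contains the link.

```python
import os
import stat

SYMLINK = "target is a symbolic link"
LINK_IN_PATH = "symbolic link on the path sits in a user-writable directory"
WRITABLE_DIR = "target directory is writable by the invoking user"
DEVICE = "target is a device special file"

def writable_by(st, uid, gids):
    """Mode-bit check only; ACLs are ignored (assumption of this example)."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def sudoedit_findings(path, uid, gids):
    """List which of the documented restrictions would apply to `path`
    when the invoking user has the given uid and group IDs."""
    findings = []
    parts = os.path.abspath(path).strip("/").split("/")
    cur = "/"
    for i, name in enumerate(parts):
        parent, cur = cur, os.path.join(cur, name)
        last = i == len(parts) - 1
        try:
            parent_st = os.stat(parent)     # follows links: the real directory
        except OSError:
            break                           # dangling link or unreadable parent
        try:
            st = os.lstat(cur)              # lstat: do not follow this component
        except OSError:
            st = None                       # missing: sudoedit would create the file
        # Root is exempt from the two directory-writability restrictions.
        parent_writable = uid != 0 and writable_by(parent_st, uid, gids)
        if st is not None and stat.S_ISLNK(st.st_mode):
            if last:
                findings.append(SYMLINK)
            elif parent_writable:
                findings.append(LINK_IN_PATH)
        if last:
            if st is not None and (stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode)):
                findings.append(DEVICE)
            if parent_writable:
                findings.append(WRITABLE_DIR)
        elif st is None:
            break                           # missing directory: nothing more to inspect
    return findings
```

An empty list means none of the listed restrictions applies to that path for that user; a non-empty list names the ones that would.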

       -g group, --group=group
               Run the command with the primary group set to group  instead  of
               the  primary group specified by the target user’s password data‐
               base entry.  The group may be either a group name or  a  numeric
               group‐ID  (GID)  prefixed with the ‘#’ character (e.g., ‘#0’ for
               GID 0).  When running a command as a GID,  many  shells  require
               that the ‘#’ be escaped with a backslash (‘\’).  If no -u option
               is  specified, the command will be run as the invoking user.  In
               either case, the primary  group  will  be  set  to  group.   The
               sudoers  policy  permits  any  of the target user’s groups to be
               specified via the -g option as long as the -P option is  not  in
               use.

       -H, --set-home
               Request  that the security policy set the HOME environment vari‐
               able to the home directory specified by the target user’s  pass‐
               word  database  entry.  Depending on the policy, this may be the
               default behavior.

       -h, --help
               Display a short help message to the standard output and exit.

       -h host, --host=host
               Run the command on the specified host  if  the  security  policy
               plugin  supports  remote  commands.  The sudoers plugin does not
               currently support

Title: Sudo Command Options: Edit, Group, Set-Home, and Help
Summary
This section continues detailing options for the `sudo` command, focusing on `-e` (edit) for editing files, which involves creating temporary copies, running an editor (selected via SUDO_EDITOR, VISUAL, or EDITOR), and copying the modified files back. It also outlines restrictions on editing symbolic links and files in writable directories. The section also describes `-g` (group) for running a command with a specified group ID, `-H` (set-home) to set the HOME environment variable to the target user's home directory, and `-h` (help) to display a help message.