Why do we need to use visudo instead of directly modifying the sudoers file?
visudo checks the file syntax before actually overwriting the sudoers file.
If you use a plain editor, mess up the syntax, and save... sudo will (probably) stop working, and, since /etc/sudoers is only modifiable by root, you're stuck (unless you have another way of gaining root).
Additionally, it ensures that the edits will be one atomic operation. This locking is important if you need to ensure nobody else can mess up your carefully considered config changes. For editing other files as root besides /etc/sudoers, there is the sudoedit command, which also guards against such editing conflicts.
From the visudo man page:
visudo locks the sudoers file against multiple simultaneous edits, provides basic sanity checks, and checks for parse errors. If the sudoers file is currently being edited you will receive a message to try again later.
Also check this answer from serverfault.
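
Added example, not part of the original answers: the same check-before-overwrite idea for scripted changes, where no interactive editor is involved. It covers the validate-then-rename half of what visudo does, not the locking. The function name, the SUDOERS_CHECK override and the drop-in name "deploy" are assumptions of this example; `visudo -c -q -f FILE` is visudo's own check-only mode.

```sh
#!/bin/sh
# install_sudoers_dropin SRC DEST
#   SRC   candidate sudoers fragment
#   DEST  final path, e.g. /etc/sudoers.d/deploy (hypothetical name)
# Returns 0 if installed, 1 if the syntax check failed (DEST untouched),
# 2 if the temporary copy could not be prepared.
#
# SUDOERS_CHECK (assumption of this example) lets a caller swap in another
# checker command; by default the real parser is used in check-only mode.
install_sudoers_dropin() {
    src=$1
    dest=$2
    check=${SUDOERS_CHECK:-visudo -c -q -f}
    dir=$(dirname -- "$dest")

    # Create the temp file inside the destination directory so the final
    # mv is a same-filesystem rename, which replaces DEST atomically.
    # The name contains a '.', and sudo skips such files in an included
    # directory, so a half-written copy is never parsed as policy.
    tmp=$(mktemp "$dir/.sudoers-tmp.XXXXXX") || return 2

    # Copy the content and apply the mode sudo expects before checking.
    cat "$src" > "$tmp" && chmod 0440 "$tmp" || {
        rm -f -- "$tmp"
        return 2
    }

    # $check is left unquoted on purpose so "visudo -c -q -f" splits into
    # a command plus its options.
    if $check "$tmp"; then
        mv -f -- "$tmp" "$dest"
    else
        # Parse error: discard the candidate, keep the working policy.
        rm -f -- "$tmp"
        return 1
    fi
}

# Typical use, as root:
#   install_sudoers_dropin ./deploy.sudoers /etc/sudoers.d/deploy
```

Because the existing file is only replaced after the parser accepts the new one, a broken fragment leaves sudo working with the previous policy.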