Bug 958

Summary: SUDO_EDITOR environment variable isn't recognized properly
Product: Sudo Reporter: Michael <pvjc7naz0>
Component: VisudoAssignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID    
Severity: low    
Priority: low    
Version: 1.9.5   
Hardware: Macintosh   
OS: MacOS X   

Description Michael 2021-02-01 07:34:35 MST 
I just built and upgraded to sudo 1.9.5p2.
visudo is not recognizing the SUDO_EDITOR environment variable as expected.


Environment:
MacOS 10.14.6
bash: GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin18)
Copyright (C) 2007 Free Software Foundation, Inc.

EDITOR=/usr/local/bin/bbedit

I attempted to run visudo.  I got the response:

[Veritas:~] mike$ sudo visudo
Password:
error opening : Permission denied (application error code: 100013).
bbedit: error: -31059
visudo: /etc/sudoers.tmp unchanged
[Veritas:~] mike$ 

According to the docs for sudo, I should be able to set the environment variable SUDO_VISUAL.

[Veritas:~] mike$ SUDO_VISUAL=/usr/bin/vi
[Veritas:~] mike$ sudo visudo
Password:
error opening : Permission denied (application error code: 100013).
bbedit: error: -31059
visudo: /etc/sudoers.tmp unchanged
[Veritas:~] mike$ 

If I unassign EDITOR, then visudo will work.

[Veritas:~] mike$ EDITOR=
[Veritas:~] mike$ sudo visudo
(works as expected)


I tried changing the env_keep option in the /etc/sudoers file to include "SUDO_VISUAL" but that didn't seem to help.
Comment 1 Todd C. Miller 2021-02-01 07:42:02 MST 
SUDO_VISUAL is not listed anywhere in the docs, you need to use SUDO_EDITOR.  The variables are checked in the following order:
    SUDO_EDITOR, VISUAL, EDITOR
The first one found is used.

The VISUAL environment variable isn't used much these days.  It dates from the time when visual terminals were rare and the default editor (ed) was line-based.
Comment 2 Michael 2021-02-01 07:47:58 MST 
You're right, I used the wrong variable.  When I tried SUDO_EDITOR, I got the same result.

[Veritas:~] mike$ echo $EDITOR
/usr/local/bin/bbedit
[Veritas:~] mike$ echo $VISUAL

[Veritas:~] mike$ SUDO_EDITOR=/usr/bin/vi
[Veritas:~] mike$ sudo visudo
Password:
error opening : Permission denied (application error code: 100013).
bbedit: error: -31059
visudo: /etc/sudoers.tmp unchanged
[Veritas:~] mike$ EDITOR=
[Veritas:~] mike$ sudo visudo
 * * * works correctly * * *
visudo: /etc/sudoers.tmp unchanged
[Veritas:~] mike$
Comment 3 Todd C. Miller 2021-02-01 07:57:58 MST 
You didn't export the SUDO_EDITOR variable so it is not actually present in the environment.  Try:

export SUDO_EDITOR=/usr/bin/vi
sudo visudo

I just verified that this works as expected on macOS.
Comment 4 Michael 2021-02-02 18:37:36 MST 
Thank you for catching my mistake.  Thank you for developing and maintaining this wonderful tool.
--Michael