Bug 958 – SUDO_EDITOR environment variable isn't recognized properly

Bug 958 - SUDO_EDITOR environment variable isn't recognized properly


Summary:	SUDO_EDITOR environment variable isn't recognized properly

Status:	RESOLVED INVALID

Product:	Sudo
Classification:	Unclassified
Component:	Visudo
Version:	1.9.5
Hardware:	Macintosh MacOS X

Importance:	low low
Assigned To:	Todd C. Miller

URL:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2021-02-01 07:34 MST by Michael
Modified:	2021-02-02 18:37 MST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael 2021-02-01 07:34:35 MST

I just built and upgraded to sudo 1.9.5p2.
visudo is not recognizing the SUDO_EDITOR environment variable as expected.


Environment:
MacOS 10.14.6
bash: GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin18)
Copyright (C) 2007 Free Software Foundation, Inc.

EDITOR=/usr/local/bin/bbedit

I attempted to run visudo.  I got the response:

[Veritas:~] mike$ sudo visudo
Password:
error opening : Permission denied (application error code: 100013).
bbedit: error: -31059
visudo: /etc/sudoers.tmp unchanged
[Veritas:~] mike$ 

According to the docs for sudo, I should be able to set the environment variable SUDO_VISUAL.

[Veritas:~] mike$ SUDO_VISUAL=/usr/bin/vi
[Veritas:~] mike$ sudo visudo
Password:
error opening : Permission denied (application error code: 100013).
bbedit: error: -31059
visudo: /etc/sudoers.tmp unchanged
[Veritas:~] mike$ 

If I unassign EDITOR, then visudo will work.

[Veritas:~] mike$ EDITOR=
[Veritas:~] mike$ sudo visudo
(works as expected)


I tried changing the env_keep option in the /etc/sudoers file to include "SUDO_VISUAL" but that didn't seem to help.

Comment 1 Todd C. Miller 2021-02-01 07:42:02 MST

SUDO_VISUAL is not listed anywhere in the docs, you need to use SUDO_EDITOR.  The variables are checked in the following order:
    SUDO_EDITOR, VISUAL, EDITOR
The first one found is used.

The VISUAL environment variable isn't used much these days.  It dates from the time when visual terminals were rare and the default editor (ed) was line-based.

Comment 2 Michael 2021-02-01 07:47:58 MST

You're right, I used the wrong variable.  When I tried SUDO_EDITOR, I got the same result.

[Veritas:~] mike$ echo $EDITOR
/usr/local/bin/bbedit
[Veritas:~] mike$ echo $VISUAL

[Veritas:~] mike$ SUDO_EDITOR=/usr/bin/vi
[Veritas:~] mike$ sudo visudo
Password:
error opening : Permission denied (application error code: 100013).
bbedit: error: -31059
visudo: /etc/sudoers.tmp unchanged
[Veritas:~] mike$ EDITOR=
[Veritas:~] mike$ sudo visudo
 * * * works correctly * * *
visudo: /etc/sudoers.tmp unchanged
[Veritas:~] mike$

Comment 3 Todd C. Miller 2021-02-01 07:57:58 MST

You didn't export the SUDO_EDITOR variable so it is not actually present in the environment.  Try:

export SUDO_EDITOR=/usr/bin/vi
sudo visudo

I just verified that this works as expected on macOS.

Comment 4 Michael 2021-02-02 18:37:36 MST

Thank you for catching my mistake.  Thank you for developing and maintaining this wonderful tool.
--Michael