visudo edits /etc/sudoers (and files in /etc/sudoers.d/) with syntax validation and locking. It is the only correct way to edit sudoers: a syntax error saved directly could lock everyone out of sudo.
sudo visudo # edit /etc/sudoers
sudo visudo -f /etc/sudoers.d/alice # edit a drop-in file
sudo visudo -c # check existing files for syntax errors
visudo opens the file in $EDITOR (defaulting to vi), validates on save, and refuses to write if the syntax is broken, giving you a chance to fix it. The drop-in directory /etc/sudoers.d/ is preferred for per-user or per-package rules so package upgrades don't clobber customisation.
Related terms: sudo, pam
Discussed in:
- Chapter 9: Users, Groups, and Permissions — sudo and Privilege Escalation