When I edit /etc/sudoers using visudo, I think it saves to sudoers.tmp, checks it for errors, then copies it to the real /etc/sudoers.
However, I can't confirm my theory (how the lock file is used) in the man pages: http://manpages.ubuntu.com/manpages/dapper/man8/visudo.8.html - it's not described there.
Does anyone know if this behavior is described anywhere? Or is this because lock files are so common it's not described in visudo?
It is mentioned in man visudo.
From man visudo go to FILES section, you will find :
/etc/sudoers.tmp Lock file for visudo
It is also described in the illustration of -f option :
-f sudoers, --file=sudoers
Specify an alternate sudoers file location. With this option, visudo will edit (or check) the sudoers file of your choice, instead of the default, /etc/sudoers. The lock file used is the specified sudoers file with “.tmp” appended to it. In check-only mode only, the argument to -f may be ‘-’, indicating that sudoers will be read from the standard input.
If you are interested you can trace the system calls, here what you will find :
open("/etc/sudoers.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 7
EDIT :
Your concept is right and yes i also personally think that as this is a generic concept it is not mentioned in the man page.
