[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: visudo with Emacs

From: Sven Joachim
Subject: Re: visudo with Emacs
Date: Mon, 20 Jun 2011 19:52:45 +0200
User-agent: Gnus/5.110017 (No Gnus v0.17) Emacs/23.3.50 (gnu/linux)

On 2011-06-20 07:55 +0200, MON KEY wrote:

> Still, it seems there may be corner cases where the backup might not
> be entirely sanitary.  I'm still curious though about what happens to
> the inode (and corresponding metadata) around /etc/sudoers.tmp~ e.g.:
> root> ls -ldZ /etc/sudoers.tmp~
>  -rw-------. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers.tmp~

The permissions are not what sudo expects (unless you have configured it
--with-sudoers-mode 600), and security context can only be preserved if
both visudo and Emacs support selinux.

>>> Restoring from /etc/sudoers.tmp~ would amount to restoring from the
>>> lock file not /etc/sudoers !

The recommended way to restore is to run visudo again and restore
sudoers.tmp within the editor.  Otherwise you risk shooting yourself in
the foot, like you do when editing /etc/sudoers directly.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]