--- Begin Message ---
Subject: |
[PATCH] system: Add sudoedit to %setuid-programs. |
Date: |
Mon, 07 Jan 2019 13:22:20 +0800 |
Hi,
This patch adds sudoedit to %setuid-programs. Although sudoedit is
equivalent to "sudo -e" and sudo is already in %setuid-programs, I
prefer to type sudoedit in terminal. sudoedit is a common command in
Linux distros. I use it frequently. It would be great if guix users
are not forced to fallback on "sudo -e".
>From 822f58171d10e92106878e1c9687401743ca372c Mon Sep 17 00:00:00 2001
From: Meiyo Peng <address@hidden>
Date: Sat, 5 Jan 2019 21:06:47 +0800
Subject: [PATCH] system: Add sudoedit to %setuid-programs.
* gnu/system.scm (%setuid-programs): Add sudoedit.
---
gnu/system.scm | 2 ++
1 file changed, 2 insertions(+)
diff --git a/gnu/system.scm b/gnu/system.scm
index ee48f4826..09ee88d43 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -4,6 +4,7 @@
;;; Copyright © 2015, 2016 Alex Kost <address@hidden>
;;; Copyright © 2016 Chris Marusich <address@hidden>
;;; Copyright © 2017 Mathieu Othacehe <address@hidden>
+;;; Copyright © 2019 Meiyo Peng <address@hidden>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -792,6 +793,7 @@ use 'plain-file' instead~%")
(file-append inetutils "/bin/ping")
(file-append inetutils "/bin/ping6")
(file-append sudo "/bin/sudo")
+ (file-append sudo "/bin/sudoedit")
(file-append fuse "/bin/fusermount"))))
(define %sudoers-specification
--
2.20.1
--
Meiyo Peng
https://www.pengmeiyu.com/
--- End Message ---
--- Begin Message ---
Subject: |
Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs. |
Date: |
Sun, 13 Jan 2019 21:43:15 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) |
Hello,
Meiyo Peng <address@hidden> skribis:
>> Ludovic Courtès writes:
[...]
>>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>>> edited directly. Instead, users are expected to specify ‘sudoers-file’
>>> in their OS config, which generates a read-only /etc/sudoers.
>>>
>>> Whatever changes you make manually to that file are lost upon reboot or
>>> reconfiguration.
>>>
>>> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
>>> ‘visudo’ altogether.
>>>
>>> WDYT?
>>
>> I agree we should discourage users to edit files in /etc that are
>> managed by guix. These files will be overridden upon `guix system
>> reconfigure`, so user's modification will be lost. They should change
>> these files in the guix way by using config.scm.
>>
>> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
>> /srv and /var. These files require root priviledge to edit and they are
>> not managed by guix. This is the main reason we need sudoedit.
>>
>> Oh, I also use sudoedit to edit /etc/config.scm.
>>
>> So, WDYT?
>
> I think you have confused sudoedit with visudo. visudo is used to edit
> /etc/sudoers and it can only edit that file. But sudoedit is use to
> edit any file that requires root priviledge.
Oh indeed, I wrongfully assumed that ‘sudoedit’ is synonymous with
‘visudo’—thanks for explaining!
> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`. sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server. So I can edit files in my familiar Emacs environment. This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.
OK, got it. Applied, thanks, and sorry for the confusion!
Ludo’.
--- End Message ---