[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
visudo with Emacs
visudo with Emacs
Sat, 18 Jun 2011 17:48:27 -0400
Using visudo with $EDITOR set to emacs when saving /etc/sudoers
I'm left with /etc/sudoers.tmp~ in /etc with permissions as rw, i.e:
root> ls -ldZ /etc/sudoers
-r--r-----. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers
root> ls -ldZ /etc/sudoers.tmp~
-rw-------. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers.tmp~
When $EDITOR is not set visudo falls back to using the nonsensical
editor (i.e. /bin/vi). However, unlike Emacs, that editor does not
leave behind an /etc/sudoers.tmp~
AFAICT the stray /etc/sudoers.tmp~ is not in keeping with the
spirit of visudo. Emacs should operate equivalently with vi.
I'm able to remedy this by modifying /root/.bashrc and /root/.emacs to
contain the following:
,---- in /root/.emacs
| (when (member "_=/usr/sbin/visudo" process-environment)
| (add-hook 'find-file-hook 'visudo-sudoers-p))
| (defun visudo-sudoers-p ()
| (setq backup-enable-predicate 'visudo-no-tmp~)
| (add-hook 'after-save-hook 'kill-sudoers.tmp~)))
| (defun kill-sudoers.tmp~ ()
| (when (file-exists-p "/etc/sudoers.tmp~")
| (delete-file "/etc/sudoers.tmp~")))
| (defun visudo-no-tmp~ (maybe-sudoers.tmp)
| (if (string= maybe-sudoers.tmp "/etc/sudoers.tmp")
| (with-current-buffer (get-buffer-create "sudoers.tmp")
| (setq backup-inhibited t)
| (auto-save-mode -1)
| export EMACS="emacs --no-window-system --no-site-file --no-init-file
| -u root -fg white -bg red"
| export EDITOR="$EMACS"
| export VISUAL="$EMACS"
The above exports are bash centric and should really prob. run with an
Emacs built specifically without X support, instead we just pass the
--no-window-system and assume invocation from something resembling a
The fg/bg params are mostly so we _know_ we're in a root'd Emacs.
The --no-init-file is to prevent picking up the init file from the
environment of an su'd user.
I would think something like the elisp above should be included with
Emacs if only to save users the agony of having to use vi :P
I've tested the above configurations from a tty and a gdm'd X session
with an Emacs built from distribution sources and the following build
GNU Emacs 23.3.1 (i686-pc-linux-gnu, GTK+ Version 2.24.4) of 2011-06-15
Windowing system distributor `Fedora Project', version 11.0.11001000
configured using `configure ''--without-xft' '--with-x-toolkit=gtk'
'--with-dbus' '--with-gif' '--with-jpeg' '--with-png' '--with-rsvg'
'--with-tiff' '--with-xpm' '--without-sound''
value of $LC_ALL: nil
value of $LC_COLLATE: nil
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: nil
value of $LANG: en_US.UTF-8
value of $XMODIFIERS: @im=none
default enable-multibyte-characters: t
- visudo with Emacs,
MON KEY <=