[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: visudo with Emacs

Subject: Re: visudo with Emacs
Date: Mon, 20 Jun 2011 01:55:55 -0400

On Sun, Jun 19, 2011 at 5:25 PM, Sven Joachim <address@hidden> wrote:
> More exactly, visudo renames /etc/sudoers.tmp to /etc/sudoers so that
> the commit is indeed atomic.

Thank you for clarifying with specificity
(it wasn't IMO entirely clear from man visudo).

>> My impression is that neither /etc/sudoers.tmp nor the backup file
>> /etc/sudoers.tmp~ are meant to be retained.
> Since it serves as a lockfile, /etc/sudoers.tmp must not be retained
> (visudo either renames or unlinks it, depending on whether you have made
> changes or not), but /etc/sudoers.tmp~ does no harm.

I'm sure you're right.

Still, it seems there may be corner cases where the backup might not
be entirely sanitary.  I'm still curious though about what happens to
the inode (and corresponding metadata) around /etc/sudoers.tmp~ e.g.:

root> ls -ldZ /etc/sudoers.tmp~
 -rw-------. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers.tmp~

>> Restoring from /etc/sudoers.tmp~ would amount to restoring from the
>> lock file not /etc/sudoers !
> And?  /etc/sudoers.tmp~ is still a backup file of /etc/sudoers and so
> might be useful.

How can it be both?
Either its a backup of /etc/sudoers or of /etc/sudoers.tmp~

Depending on the underlying linking it might _be_ useful albeit maybe
in unintended ways...

> Cheers,
>       Sven


reply via email to

[Prev in Thread] Current Thread [Next in Thread]