[bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.

From: Meiyo Peng
Subject: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sat, 12 Jan 2019 20:28:01 +0800
User-agent: mu4e 1.0; emacs 26.1

Meiyo Peng writes:

> Hi Ludovic,
>
> Ludovic Courtès writes:
>
>> Hi Meiyo,
>>
>> Meiyo Peng <address@hidden> writes:
>>
>>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
>>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>>> prefer to type sudoedit in terminal.  sudoedit is a common command in
>>> Linux distros.  I use it frequently.  It would be great if guix users
>>> are not forced to fall back on "sudo -e".
>>
>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>> edited directly.  Instead, users are expected to specify ‘sudoers-file’
>> in their OS config, which generates a read-only /etc/sudoers.
>>
>> Whatever changes you make manually to that file are lost upon reboot or
>> reconfiguration.
>>
>> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
>> ‘visudo’ altogether.
>>
>> WDYT?
>
> I agree we should discourage users from editing files in /etc that are
> managed by guix.  These files will be overridden upon `guix system
> reconfigure`, so user's modification will be lost.  They should change
> these files in the guix way by using config.scm.
>
> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> /srv and /var.  These files require root privilege to edit and they are
> not managed by guix.  This is the main reason we need sudoedit.
>
> Oh, I also use sudoedit to edit /etc/config.scm.
>
> So, WDYT?

I think you have confused sudoedit with visudo.  visudo is used to edit
/etc/sudoers and it can only edit that file.  But sudoedit is used to
edit any file that requires root privilege.

It's a good habit for sysadmins to edit files with `sudoedit
/path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
respect my $EDITOR, which is emacsclient, and connect to my Emacs
server.  So I can edit files in my familiar Emacs environment.  This is
much better than `sudo emacs /path/to/file`, which starts a vanilla

Meiyo Peng
