guix-patches

[bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.


From: Efraim Flashner
Subject: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sat, 12 Jan 2019 22:03:35 +0200
User-agent: Mutt/1.11.0 (2018-11-25)

On Sat, Jan 12, 2019 at 08:28:01PM +0800, Meiyo Peng wrote:
> 
> Meiyo Peng writes:
> 
> > Hi Ludovic,
> >
> > Ludovic Courtès writes:
> >
> >> Hi Meiyo,
> >>
> >> Meiyo Peng <address@hidden> skribis:
> >>
> >>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
> >>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> >>> prefer to type sudoedit in terminal.  sudoedit is a common command in
> >>> Linux distros.  I use it frequently.  It would be great if guix users
> >>> are not forced to fall back on "sudo -e".
> >>
> >> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> >> edited directly.  Instead, users are expected to specify ‘sudoers-file’
> >> in their OS config, which generates a read-only /etc/sudoers.
> >>
> >> Whatever changes you make manually to that file are lost upon reboot or
> >> reconfiguration.
> >>
> >> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
> >> ‘visudo’ altogether.
> >>
> >> WDYT?
> >
> > I agree we should discourage users from editing files in /etc that are
> > managed by guix.  These files will be overridden upon `guix system
> > reconfigure`, so user's modification will be lost.  They should change
> > these files in the guix way by using config.scm.
> >
> > However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> > /srv and /var.  These files require root privilege to edit and they are
> > not managed by guix.  This is the main reason we need sudoedit.
> >
> > Oh, I also use sudoedit to edit /etc/config.scm.
> >
> > So, WDYT?
> 
> I think you have confused sudoedit with visudo.  visudo is used to edit
> /etc/sudoers and it can only edit that file.  But sudoedit is used to
> edit any file that requires root privilege.
> 
> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server.  So I can edit files in my familiar Emacs environment.  This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.
> 

I hadn't known about sudoedit before this thread. I think it'd be nice
to add to the %setuid-programs list and I'd definitely try to remember
to use it.

-- 
Efraim Flashner   <address@hidden>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
