[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.

From: Efraim Flashner
Subject: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sat, 12 Jan 2019 22:03:35 +0200
User-agent: Mutt/1.11.0 (2018-11-25)

On Sat, Jan 12, 2019 at 08:28:01PM +0800, Meiyo Peng wrote:
> Meiyo Peng writes:
> > Hi Ludovic,
> >
> > Ludovic Courtès writes:
> >
> >> Hi Meiyo,
> >>
> >> Meiyo Peng <address@hidden> skribis:
> >>
> >>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
> >>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> >>> prefer to type sudoedit in terminal.  sudoedit is a common command in
> >>> Linux distros.  I use it frequently.  It would be great if guix users
> >>> are not forced to fallback on "sudo -e".
> >>
> >> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> >> edited directly.  Instead, users are expected to specify ‘sudoers-file’
> >> in their OS config, which generates a read-only /etc/sudoers.
> >>
> >> Whatever changes you make manually to that file are lost upon reboot or
> >> reconfiguration.
> >>
> >> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
> >> ‘visudo’ altogether.
> >>
> >> WDYT?
> >
> > I agree we should discourage users to edit files in /etc that are
> > managed by guix.  These files will be overridden upon `guix system
> > reconfigure`, so user's modification will be lost.  They should change
> > these files in the guix way by using config.scm.
> >
> > However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> > /srv and /var.  These files require root priviledge to edit and they are
> > not managed by guix.  This is the main reason we need sudoedit.
> >
> > Oh, I also use sudoedit to edit /etc/config.scm.
> >
> > So, WDYT?
> I think you have confused sudoedit with visudo.  visudo is used to edit
> /etc/sudoers and it can only edit that file.  But sudoedit is use to
> edit any file that requires root priviledge.
> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server.  So I can edit files in my familiar Emacs environment.  This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.

I hadn't known about sudoedit before this thread. I think it'd be nice
to add to the %setuid-programs list and I'd definately try to remember
to use it.

Efraim Flashner   <address@hidden>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]