GNU bug report logs - #34005
[PATCH] system: Add sudoedit to %setuid-programs.


Package: guix-patches;

Reported by: Meiyo Peng <meiyo.peng <at> gmail.com>

Date: Mon, 7 Jan 2019 05:23:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#34005; Package guix-patches. (Mon, 07 Jan 2019 05:23:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Meiyo Peng <meiyo.peng <at> gmail.com>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 07 Jan 2019 05:23:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Meiyo Peng <meiyo.peng <at> gmail.com>
To: guix-patches <at> gnu.org
Subject: [PATCH] system: Add sudoedit to %setuid-programs.
Date: Mon, 07 Jan 2019 13:22:20 +0800
Hi,

This patch adds sudoedit to %setuid-programs.  Although sudoedit is
equivalent to "sudo -e" and sudo is already in %setuid-programs, I
prefer to type sudoedit in terminal.  sudoedit is a common command in
Linux distros.  I use it frequently.  It would be great if guix users
are not forced to fall back on "sudo -e".

[0001-system-Add-sudoedit-to-setuid-programs.patch (text/x-patch, inline)]
From 822f58171d10e92106878e1c9687401743ca372c Mon Sep 17 00:00:00 2001
From: Meiyo Peng <meiyo.peng <at> gmail.com>
Date: Sat, 5 Jan 2019 21:06:47 +0800
Subject: [PATCH] system: Add sudoedit to %setuid-programs.

* gnu/system.scm (%setuid-programs): Add sudoedit.
---
 gnu/system.scm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gnu/system.scm b/gnu/system.scm
index ee48f4826..09ee88d43 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015, 2016 Alex Kost <alezost <at> gmail.com>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich <at> gmail.com>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe <at> gmail.com>
+;;; Copyright © 2019 Meiyo Peng <meiyo.peng <at> gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -792,6 +793,7 @@ use 'plain-file' instead~%")
           (file-append inetutils "/bin/ping")
           (file-append inetutils "/bin/ping6")
           (file-append sudo "/bin/sudo")
+          (file-append sudo "/bin/sudoedit")
           (file-append fuse "/bin/fusermount"))))
 
 (define %sudoers-specification
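Review bot: the added `(file-append sudo "/bin/sudoedit")` entry puts a second program from the same `sudo` package on the setuid list, and neither the line nor the commit log ("Add sudoedit.") records why it is needed when `/bin/sudo` is already listed. Suggest a one-line comment above the entry saying it is the by-name form of "sudo -e", as the cover message explains, so that a later audit of %setuid-programs does not have to rediscover the reason.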
-- 
2.20.1

--
Meiyo Peng
https://www.pengmeiyu.com/

Information forwarded to guix-patches <at> gnu.org:
bug#34005; Package guix-patches. (Sat, 12 Jan 2019 10:42:01 GMT) Full text and rfc822 format available.

Message #8 received at 34005 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Meiyo Peng <meiyo.peng <at> gmail.com>
Cc: 34005 <at> debbugs.gnu.org
Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sat, 12 Jan 2019 11:41:20 +0100
Hi Meiyo,

Meiyo Peng <meiyo.peng <at> gmail.com> skribis:

> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> prefer to type sudoedit in terminal.  sudoedit is a common command in
> Linux distros.  I use it frequently.  It would be great if guix users
> are not forced to fall back on "sudo -e".

The problem I see is that on GuixSD /etc/sudoers is not supposed to be
edited directly.  Instead, users are expected to specify ‘sudoers-file’
in their OS config, which generates a read-only /etc/sudoers.

Whatever changes you make manually to that file are lost upon reboot or
reconfiguration.

Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
‘visudo’ altogether.

WDYT?

Thanks,
Ludo’.




Information forwarded to guix-patches <at> gnu.org:
bug#34005; Package guix-patches. (Sat, 12 Jan 2019 12:07:03 GMT) Full text and rfc822 format available.

Message #11 received at 34005 <at> debbugs.gnu.org (full text, mbox):

From: Meiyo Peng <meiyo.peng <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 34005 <at> debbugs.gnu.org
Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sat, 12 Jan 2019 20:06:27 +0800
Hi Ludovic,

Ludovic Courtès writes:

> Hi Meiyo,
>
> Meiyo Peng <meiyo.peng <at> gmail.com> skribis:
>
>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>> prefer to type sudoedit in terminal.  sudoedit is a common command in
>> Linux distros.  I use it frequently.  It would be great if guix users
>> are not forced to fall back on "sudo -e".
>
> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> edited directly.  Instead, users are expected to specify ‘sudoers-file’
> in their OS config, which generates a read-only /etc/sudoers.
>
> Whatever changes you make manually to that file are lost upon reboot or
> reconfiguration.
>
> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
> ‘visudo’ altogether.
>
> WDYT?

I agree we should discourage users from editing files in /etc that are
managed by guix.  These files will be overridden upon `guix system
reconfigure`, so user's modification will be lost.  They should change
these files in the guix way by using config.scm.

However, sudoedit can also be used to edit files in /media, /mnt, /opt,
/srv and /var.  These files require root privilege to edit and they are
not managed by guix.  This is the main reason we need sudoedit.

Oh, I also use sudoedit to edit /etc/config.scm.

So, WDYT?

--
Meiyo Peng
https://www.pengmeiyu.com




Information forwarded to guix-patches <at> gnu.org:
bug#34005; Package guix-patches. (Sat, 12 Jan 2019 12:29:02 GMT) Full text and rfc822 format available.

Message #14 received at 34005 <at> debbugs.gnu.org (full text, mbox):

From: Meiyo Peng <meiyo.peng <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 34005 <at> debbugs.gnu.org
Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sat, 12 Jan 2019 20:28:01 +0800
Meiyo Peng writes:

> Hi Ludovic,
>
> Ludovic Courtès writes:
>
>> Hi Meiyo,
>>
>> Meiyo Peng <meiyo.peng <at> gmail.com> skribis:
>>
>>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
>>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>>> prefer to type sudoedit in terminal.  sudoedit is a common command in
>>> Linux distros.  I use it frequently.  It would be great if guix users
>>> are not forced to fall back on "sudo -e".
>>
>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>> edited directly.  Instead, users are expected to specify ‘sudoers-file’
>> in their OS config, which generates a read-only /etc/sudoers.
>>
>> Whatever changes you make manually to that file are lost upon reboot or
>> reconfiguration.
>>
>> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
>> ‘visudo’ altogether.
>>
>> WDYT?
>
> I agree we should discourage users from editing files in /etc that are
> managed by guix.  These files will be overridden upon `guix system
> reconfigure`, so user's modification will be lost.  They should change
> these files in the guix way by using config.scm.
>
> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> /srv and /var.  These files require root privilege to edit and they are
> not managed by guix.  This is the main reason we need sudoedit.
>
> Oh, I also use sudoedit to edit /etc/config.scm.
>
> So, WDYT?

I think you have confused sudoedit with visudo.  visudo is used to edit
/etc/sudoers and it can only edit that file.  But sudoedit is used to
edit any file that requires root privilege.

It's a good habit for sysadmins to edit files with `sudoedit
/path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
respect my $EDITOR, which is emacsclient, and connect to my Emacs
server.  So I can edit files in my familiar Emacs environment.  This is
much better than `sudo emacs /path/to/file`, which starts a vanilla
emacs.

--
Meiyo Peng
https://www.pengmeiyu.com
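
The behaviour described in the message above (the editor is the caller's own `$EDITOR`, not one started by root) follows from the copy, edit, copy-back model that sudo(8) documents for `sudo -e`. The shell functions below are an added example, not part of the thread or of sudo or Guix code; they reproduce that model without any privileges, and `pick_editor` and `edit_via_copy` are hypothetical helper names.

```shell
# Added illustration of the "sudo -e" (sudoedit) workflow, run WITHOUT
# privileges.  Real sudoedit performs steps 1 and 3 with the target user's
# rights and only step 2 as the invoking user.  Helper names are hypothetical.

# Choose the editor in the order the sudoers policy documents:
# SUDO_EDITOR, then VISUAL, then EDITOR (vi here as an assumed last resort).
pick_editor() {
    printf '%s\n' "${SUDO_EDITOR:-${VISUAL:-${EDITOR:-vi}}}"
}

# edit_via_copy FILE: prints "updated" or "unchanged".
edit_via_copy() {
    target=$1
    tmp=$(mktemp) || return 1

    # 1. Make a temporary copy that belongs to the invoking user.
    cp -- "$target" "$tmp" || { rm -f -- "$tmp"; return 1; }

    # 2. Run the caller's editor on the copy, in the caller's environment.
    #    Unquoted on purpose so values such as "emacsclient -t" keep working.
    editor=$(pick_editor)
    $editor "$tmp" || { rm -f -- "$tmp"; return 1; }

    # 3. Write back only when the contents changed; "cat >" keeps the
    #    target's existing owner and mode instead of replacing the file.
    if cmp -s -- "$target" "$tmp"; then
        result=unchanged
    else
        cat -- "$tmp" > "$target" || { rm -f -- "$tmp"; return 1; }
        result=updated
    fi

    rm -f -- "$tmp"
    printf '%s\n' "$result"
}
```

With `sudo emacs /path/to/file` there is no step 1 or 3: the editor itself runs as root on the real file, which is why it starts without the user's configuration.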




Information forwarded to guix-patches <at> gnu.org:
bug#34005; Package guix-patches. (Sat, 12 Jan 2019 20:04:02 GMT) Full text and rfc822 format available.

Message #17 received at 34005 <at> debbugs.gnu.org (full text, mbox):

From: Efraim Flashner <efraim <at> flashner.co.il>
To: Meiyo Peng <meiyo.peng <at> gmail.com>
Cc: Ludovic Courtès <ludo <at> gnu.org>, 34005 <at> debbugs.gnu.org
Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sat, 12 Jan 2019 22:03:35 +0200
On Sat, Jan 12, 2019 at 08:28:01PM +0800, Meiyo Peng wrote:
> 
> Meiyo Peng writes:
> 
> > Hi Ludovic,
> >
> > Ludovic Courtès writes:
> >
> >> Hi Meiyo,
> >>
> >> Meiyo Peng <meiyo.peng <at> gmail.com> skribis:
> >>
> >>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
> >>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> >>> prefer to type sudoedit in terminal.  sudoedit is a common command in
> >>> Linux distros.  I use it frequently.  It would be great if guix users
> >>> are not forced to fall back on "sudo -e".
> >>
> >> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> >> edited directly.  Instead, users are expected to specify ‘sudoers-file’
> >> in their OS config, which generates a read-only /etc/sudoers.
> >>
> >> Whatever changes you make manually to that file are lost upon reboot or
> >> reconfiguration.
> >>
> >> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
> >> ‘visudo’ altogether.
> >>
> >> WDYT?
> >
> > I agree we should discourage users from editing files in /etc that are
> > managed by guix.  These files will be overridden upon `guix system
> > reconfigure`, so user's modification will be lost.  They should change
> > these files in the guix way by using config.scm.
> >
> > However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> > /srv and /var.  These files require root privilege to edit and they are
> > not managed by guix.  This is the main reason we need sudoedit.
> >
> > Oh, I also use sudoedit to edit /etc/config.scm.
> >
> > So, WDYT?
> 
> I think you have confused sudoedit with visudo.  visudo is used to edit
> /etc/sudoers and it can only edit that file.  But sudoedit is used to
> edit any file that requires root privilege.
> 
> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server.  So I can edit files in my familiar Emacs environment.  This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.
> 

I hadn't known about sudoedit before this thread. I think it'd be nice
to add to the %setuid-programs list and I'd definitely try to remember
to use it.

-- 
Efraim Flashner   <efraim <at> flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Sun, 13 Jan 2019 20:44:01 GMT) Full text and rfc822 format available.

Notification sent to Meiyo Peng <meiyo.peng <at> gmail.com>:
bug acknowledged by developer. (Sun, 13 Jan 2019 20:44:02 GMT) Full text and rfc822 format available.

Message #22 received at 34005-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Meiyo Peng <meiyo.peng <at> gmail.com>
Cc: 34005-done <at> debbugs.gnu.org
Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sun, 13 Jan 2019 21:43:15 +0100
Hello,

Meiyo Peng <meiyo.peng <at> gmail.com> skribis:

>> Ludovic Courtès writes:

[...]

>>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>>> edited directly.  Instead, users are expected to specify ‘sudoers-file’
>>> in their OS config, which generates a read-only /etc/sudoers.
>>>
>>> Whatever changes you make manually to that file are lost upon reboot or
>>> reconfiguration.
>>>
>>> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
>>> ‘visudo’ altogether.
>>>
>>> WDYT?
>>
>> I agree we should discourage users from editing files in /etc that are
>> managed by guix.  These files will be overridden upon `guix system
>> reconfigure`, so user's modification will be lost.  They should change
>> these files in the guix way by using config.scm.
>>
>> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
>> /srv and /var.  These files require root privilege to edit and they are
>> not managed by guix.  This is the main reason we need sudoedit.
>>
>> Oh, I also use sudoedit to edit /etc/config.scm.
>>
>> So, WDYT?
>
> I think you have confused sudoedit with visudo.  visudo is used to edit
> /etc/sudoers and it can only edit that file.  But sudoedit is used to
> edit any file that requires root privilege.

Oh indeed, I wrongfully assumed that ‘sudoedit’ is synonymous with
‘visudo’—thanks for explaining!

> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server.  So I can edit files in my familiar Emacs environment.  This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.

OK, got it.  Applied, thanks, and sorry for the confusion!

Ludo’.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 11 Feb 2019 12:24:03 GMT) Full text and rfc822 format available.

This bug report was last modified 5 years and 75 days ago.
