Message ID | 87zhsdqbxv.fsf@gmail.com |
---|---|
State | Accepted |
Series | [bug#34005] system: Add sudoedit to %setuid-programs. |
Context | Check | Description |
---|---|---|
cbaines/applying patch | fail | Apply failed |
Hi Meiyo,

Meiyo Peng <meiyo.peng@gmail.com> skribis:

> This patch adds sudoedit to %setuid-programs. Although sudoedit is
> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> prefer to type sudoedit in terminal. sudoedit is a common command in
> Linux distros. I use it frequently. It would be great if guix users
> are not forced to fall back on "sudo -e".

The problem I see is that on GuixSD /etc/sudoers is not supposed to be edited directly. Instead, users are expected to specify ‘sudoers-file’ in their OS config, which generates a read-only /etc/sudoers.

Whatever changes you make manually to that file are lost upon reboot or reconfiguration.

Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and ‘visudo’ altogether.

WDYT?

Thanks,
Ludo’.
Hi Ludovic,

Ludovic Courtès writes:

> Hi Meiyo,
>
> Meiyo Peng <meiyo.peng@gmail.com> skribis:
>
>> This patch adds sudoedit to %setuid-programs. Although sudoedit is
>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>> prefer to type sudoedit in terminal. sudoedit is a common command in
>> Linux distros. I use it frequently. It would be great if guix users
>> are not forced to fall back on "sudo -e".
>
> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> edited directly. Instead, users are expected to specify ‘sudoers-file’
> in their OS config, which generates a read-only /etc/sudoers.
>
> Whatever changes you make manually to that file are lost upon reboot or
> reconfiguration.
>
> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
> ‘visudo’ altogether.
>
> WDYT?

I agree we should discourage users from editing files in /etc that are managed by guix. These files will be overridden upon `guix system reconfigure`, so user's modification will be lost. They should change these files in the guix way by using config.scm.

However, sudoedit can also be used to edit files in /media, /mnt, /opt, /srv and /var. These files require root privilege to edit and they are not managed by guix. This is the main reason we need sudoedit.

Oh, I also use sudoedit to edit /etc/config.scm.

So, WDYT?

--
Meiyo Peng
https://www.pengmeiyu.com
Meiyo Peng writes:

> Hi Ludovic,
>
> Ludovic Courtès writes:
>
>> Hi Meiyo,
>>
>> Meiyo Peng <meiyo.peng@gmail.com> skribis:
>>
>>> This patch adds sudoedit to %setuid-programs. Although sudoedit is
>>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>>> prefer to type sudoedit in terminal. sudoedit is a common command in
>>> Linux distros. I use it frequently. It would be great if guix users
>>> are not forced to fall back on "sudo -e".
>>
>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>> edited directly. Instead, users are expected to specify ‘sudoers-file’
>> in their OS config, which generates a read-only /etc/sudoers.
>>
>> Whatever changes you make manually to that file are lost upon reboot or
>> reconfiguration.
>>
>> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
>> ‘visudo’ altogether.
>>
>> WDYT?
>
> I agree we should discourage users from editing files in /etc that are
> managed by guix. These files will be overridden upon `guix system
> reconfigure`, so user's modification will be lost. They should change
> these files in the guix way by using config.scm.
>
> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> /srv and /var. These files require root privilege to edit and they are
> not managed by guix. This is the main reason we need sudoedit.
>
> Oh, I also use sudoedit to edit /etc/config.scm.
>
> So, WDYT?

I think you have confused sudoedit with visudo. visudo is used to edit /etc/sudoers and it can only edit that file. But sudoedit is used to edit any file that requires root privilege.

It's a good habit for sysadmins to edit files with `sudoedit /path/to/file` rather than `sudo editor /path/to/file`. sudoedit can respect my $EDITOR, which is emacsclient, and connect to my Emacs server. So I can edit files in my familiar Emacs environment. This is much better than `sudo emacs /path/to/file`, which starts a vanilla emacs.

--
Meiyo Peng
https://www.pengmeiyu.com
On Sat, Jan 12, 2019 at 08:28:01PM +0800, Meiyo Peng wrote:

>
> Meiyo Peng writes:
>
> > Hi Ludovic,
> >
> > Ludovic Courtès writes:
> >
> >> Hi Meiyo,
> >>
> >> Meiyo Peng <meiyo.peng@gmail.com> skribis:
> >>
> >>> This patch adds sudoedit to %setuid-programs. Although sudoedit is
> >>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> >>> prefer to type sudoedit in terminal. sudoedit is a common command in
> >>> Linux distros. I use it frequently. It would be great if guix users
> >>> are not forced to fall back on "sudo -e".
> >>
> >> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> >> edited directly. Instead, users are expected to specify ‘sudoers-file’
> >> in their OS config, which generates a read-only /etc/sudoers.
> >>
> >> Whatever changes you make manually to that file are lost upon reboot or
> >> reconfiguration.
> >>
> >> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
> >> ‘visudo’ altogether.
> >>
> >> WDYT?
> >
> > I agree we should discourage users from editing files in /etc that are
> > managed by guix. These files will be overridden upon `guix system
> > reconfigure`, so user's modification will be lost. They should change
> > these files in the guix way by using config.scm.
> >
> > However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> > /srv and /var. These files require root privilege to edit and they are
> > not managed by guix. This is the main reason we need sudoedit.
> >
> > Oh, I also use sudoedit to edit /etc/config.scm.
> >
> > So, WDYT?
>
> I think you have confused sudoedit with visudo. visudo is used to edit
> /etc/sudoers and it can only edit that file. But sudoedit is used to
> edit any file that requires root privilege.
>
> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`. sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server. So I can edit files in my familiar Emacs environment. This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.
>

I hadn't known about sudoedit before this thread. I think it'd be nice to add to the %setuid-programs list and I'd definitely try to remember to use it.
Hello,

Meiyo Peng <meiyo.peng@gmail.com> skribis:

>> Ludovic Courtès writes:

[...]

>>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>>> edited directly. Instead, users are expected to specify ‘sudoers-file’
>>> in their OS config, which generates a read-only /etc/sudoers.
>>>
>>> Whatever changes you make manually to that file are lost upon reboot or
>>> reconfiguration.
>>>
>>> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
>>> ‘visudo’ altogether.
>>>
>>> WDYT?
>>
>> I agree we should discourage users from editing files in /etc that are
>> managed by guix. These files will be overridden upon `guix system
>> reconfigure`, so user's modification will be lost. They should change
>> these files in the guix way by using config.scm.
>>
>> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
>> /srv and /var. These files require root privilege to edit and they are
>> not managed by guix. This is the main reason we need sudoedit.
>>
>> Oh, I also use sudoedit to edit /etc/config.scm.
>>
>> So, WDYT?
>
> I think you have confused sudoedit with visudo. visudo is used to edit
> /etc/sudoers and it can only edit that file. But sudoedit is used to
> edit any file that requires root privilege.

Oh indeed, I wrongfully assumed that ‘sudoedit’ is synonymous with ‘visudo’—thanks for explaining!

> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`. sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server. So I can edit files in my familiar Emacs environment. This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.

OK, got it. Applied, thanks, and sorry for the confusion!

Ludo’.
From 822f58171d10e92106878e1c9687401743ca372c Mon Sep 17 00:00:00 2001 From: Meiyo Peng <meiyo.peng@gmail.com> Date: Sat, 5 Jan 2019 21:06:47 +0800 Subject: [PATCH] system: Add sudoedit to %setuid-programs. * gnu/system.scm (%setuid-programs): Add sudoedit. --- gnu/system.scm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gnu/system.scm b/gnu/system.scm index ee48f4826..09ee88d43 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com> ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com> ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com> +;;; Copyright © 2019 Meiyo Peng <meiyo.peng@gmail.com> ;;; ;;; This file is part of GNU Guix. ;;; @@ -792,6 +793,7 @@ use 'plain-file' instead~%") (file-append inetutils "/bin/ping") (file-append inetutils "/bin/ping6") (file-append sudo "/bin/sudo") + (file-append sudo "/bin/sudoedit") (file-append fuse "/bin/fusermount")))) (define %sudoers-specification -- 2.20.1
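Review bot: In the `%setuid-programs` hunk, the new `(file-append sudo "/bin/sudoedit")` entry adds a second setuid-root program from the same `sudo` package to the default list, and neither the commit log ("Add sudoedit.") nor the code says why it is needed. The thread gives the reason: sudoedit is equivalent to `sudo -e`, and it is wanted for editing root-owned files through the user's own $EDITOR instead of `sudo editor /path/to/file`. A one-line comment above the entry stating that would let someone auditing the setuid list later see why it is there. The patchwork check above also reports "Apply failed", so the patch needs rebasing on the current `gnu/system.scm` before it can be tested.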