On Sat, Jan 12, 2019 at 08:28:01PM +0800, Meiyo Peng wrote:
>
> Meiyo Peng writes:
>
> > Hi Ludovic,
> >
> > Ludovic Courtès writes:
> >
> >> Hi Meiyo,
> >>
> >> Meiyo Peng skribis:
> >>
> >>> This patch adds sudoedit to %setuid-programs. Although sudoedit is
> >>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> >>> prefer to type sudoedit in terminal. sudoedit is a common command in
> >>> Linux distros. I use it frequently. It would be great if guix users
> >>> are not forced to fall back on "sudo -e".
> >>
> >> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> >> edited directly. Instead, users are expected to specify ‘sudoers-file’
> >> in their OS config, which generates a read-only /etc/sudoers.
> >>
> >> Whatever changes you make manually to that file are lost upon reboot or
> >> reconfiguration.
> >>
> >> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
> >> ‘visudo’ altogether.
> >>
> >> WDYT?
> >
> > I agree we should discourage users from editing files in /etc that are
> > managed by guix. These files will be overridden upon `guix system
> > reconfigure`, so user's modification will be lost. They should change
> > these files in the guix way by using config.scm.
> >
> > However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> > /srv and /var. These files require root privilege to edit and they are
> > not managed by guix. This is the main reason we need sudoedit.
> >
> > Oh, I also use sudoedit to edit /etc/config.scm.
> >
> > So, WDYT?
>
> I think you have confused sudoedit with visudo. visudo is used to edit
> /etc/sudoers and it can only edit that file. But sudoedit is used to
> edit any file that requires root privilege.
>
> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`. sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server. So I can edit files in my familiar Emacs environment. This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.
>

I hadn't known about sudoedit before this thread. I think it'd be nice
to add to the %setuid-programs list and I'd definitely try to remember to
use it.

--
Efraim Flashner אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted