From unknown Mon Aug 18 00:06:06 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#34005 <34005@debbugs.gnu.org> To: bug#34005 <34005@debbugs.gnu.org> Subject: Status: [PATCH] system: Add sudoedit to %setuid-programs. Reply-To: bug#34005 <34005@debbugs.gnu.org> Date: Mon, 18 Aug 2025 07:06:06 +0000 retitle 34005 [PATCH] system: Add sudoedit to %setuid-programs. reassign 34005 guix-patches submitter 34005 Meiyo Peng severity 34005 normal tag 34005 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 07 00:22:42 2019 Received: (at submit) by debbugs.gnu.org; 7 Jan 2019 05:22:42 +0000 Received: from localhost ([127.0.0.1]:47561 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ggNN3-0004xb-TM for submit@debbugs.gnu.org; Mon, 07 Jan 2019 00:22:42 -0500 Received: from eggs.gnu.org ([209.51.188.92]:47030) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ggNN1-0004xN-RF for submit@debbugs.gnu.org; Mon, 07 Jan 2019 00:22:40 -0500 Received: from lists.gnu.org ([209.51.188.17]:39610) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ggNMv-0002vw-Sj for submit@debbugs.gnu.org; Mon, 07 Jan 2019 00:22:34 -0500 Received: from eggs.gnu.org ([209.51.188.92]:57224) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ggNMu-0005fh-Q9 for guix-patches@gnu.org; Mon, 07 Jan 2019 00:22:33 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ggNMt-0002v4-LO for guix-patches@gnu.org; Mon, 07 Jan 2019 00:22:32 -0500 Received: from mail-pg1-x534.google.com ([2607:f8b0:4864:20::534]:45541) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ggNMq-0002u1-M5 for guix-patches@gnu.org; Mon, 07 Jan 2019 00:22:30 -0500 Received: by mail-pg1-x534.google.com with SMTP id y4so20199082pgc.12 for ; Sun, 06 Jan 2019 21:22:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version; bh=VrHKgr+WIScNwkQ+uNjwT9xc9LKAWHbyzLCa68hvyew=; b=tY2CSYMBCNw2h59/e5E6vfLzKHOr89Hm4845zFDJaog9VErlx5xkUjlczA/3q+YTm9 UUf2jBORiKYhpKSenkeimu1yq+oNvYdp7scJbo9WPLXFkTKep1k4qYnLJQh5OB8Reu5j wIGsxzCnjeocMhr+VotLvIsjQGvf3aJRQi0eQqY3ZUVG/p0vmSPxqRI8oG35AhRmlOBU BRJSSoDF45DNhSi7Qa5SXjqST8X5byvdZtog9/b0IsUS4DoSN5305Aqdi13Zb6qZdlvI /f4uMgB0IHEyFac3TSy/s3eoPSaQNRQnQur+KKcB9Vey3yQEKdPJPIpwYDSpmlBtuMuD gFww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version; bh=VrHKgr+WIScNwkQ+uNjwT9xc9LKAWHbyzLCa68hvyew=; b=SZS5brcZ0/tsyqvZ8nU4sNSjMYt5NQ3G4npv1WzEHn6jYQC3LwGO+x+tvoQjXYOHpv aBJ92WSq2NCcsRzG8jvpkahHMGvgLiRVTdKukf0dj6ziW/Qqm9s++BEaMO8LGNtFC02/ 4q2h/lhuVYd4XHDYG903C+7Tje/lH4aXFk/c3AtLfgrXVJLAGtyD/LRGltip87ek6Jcm yd9wsnc/vejjbRZP8W4jRNQCCoR6tcE2kRgeyaVscDgc+iR7WaZf8wVBAc9stEWFsJd+ lTCG0F3h/mvuOFnH2UOr/yPuwlYY5ggpBMTpmD/TZGKs3CSGxBpkq/E72QUGIubb1cey 5/1A== X-Gm-Message-State: AA+aEWbjp6VcMqmTdq/I5FxHa5SHMQwh1Uoal+8Lda4/DHjf3SP+F/95 uL/AToi5Xin4rdELuFAR6EfIEaKgzu8= X-Google-Smtp-Source: AFSGD/XyUmx4vADlphs1V3Gy8DCPFLsIOBpkv3dKCx2cyyJqB2kBNVc307PlKVfXeoBj2T9Z3OzunA== X-Received: by 2002:a62:6408:: with SMTP id y8mr61230479pfb.202.1546838544833; Sun, 06 Jan 2019 21:22:24 -0800 (PST) Received: from dinosaur (144.34.217.65.16clouds.com. [144.34.217.65]) by smtp.gmail.com with ESMTPSA id u137sm117171636pfc.140.2019.01.06.21.22.23 for (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 06 Jan 2019 21:22:24 -0800 (PST) From: Meiyo Peng To: guix-patches@gnu.org Subject: [PATCH] system: Add sudoedit to %setuid-programs. Date: Mon, 07 Jan 2019 13:22:20 +0800 Message-ID: <87zhsdqbxv.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:4864:20::534 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) --=-=-= Content-Type: text/plain Hi, This patch adds sudoedit to %setuid-programs. Although sudoedit is equivalent to "sudo -e" and sudo is already in %setuid-programs, I prefer to type sudoedit in terminal. sudoedit is a common command in Linux distros. I use it frequently. It would be great if guix users are not forced to fallback on "sudo -e". --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-system-Add-sudoedit-to-setuid-programs.patch Content-Transfer-Encoding: quoted-printable >From 822f58171d10e92106878e1c9687401743ca372c Mon Sep 17 00:00:00 2001 From: Meiyo Peng Date: Sat, 5 Jan 2019 21:06:47 +0800 Subject: [PATCH] system: Add sudoedit to %setuid-programs. * gnu/system.scm (%setuid-programs): Add sudoedit. --- gnu/system.scm | 2 ++ 1 file changed, 2 insertions(+) diff --git a/gnu/system.scm b/gnu/system.scm index ee48f4826..09ee88d43 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -4,6 +4,7 @@ ;;; Copyright =C2=A9 2015, 2016 Alex Kost ;;; Copyright =C2=A9 2016 Chris Marusich ;;; Copyright =C2=A9 2017 Mathieu Othacehe +;;; Copyright =C2=A9 2019 Meiyo Peng ;;; ;;; This file is part of GNU Guix. ;;; @@ -792,6 +793,7 @@ use 'plain-file' instead~%") (file-append inetutils "/bin/ping") (file-append inetutils "/bin/ping6") (file-append sudo "/bin/sudo") + (file-append sudo "/bin/sudoedit") (file-append fuse "/bin/fusermount")))) =20 (define %sudoers-specification --=20 2.20.1 --=-=-= Content-Type: text/plain -- Meiyo Peng https://www.pengmeiyu.com/ --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 12 05:41:24 2019 Received: (at 34005) by debbugs.gnu.org; 12 Jan 2019 10:41:24 +0000 Received: from localhost ([127.0.0.1]:56551 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1giGjD-0008TR-W5 for submit@debbugs.gnu.org; Sat, 12 Jan 2019 05:41:24 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:42244) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1giGjC-0008TJ-Kj for 34005@debbugs.gnu.org; Sat, 12 Jan 2019 05:41:23 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id E36C31A17; Sat, 12 Jan 2019 11:41:21 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JwKhiDe6jZlR; Sat, 12 Jan 2019 11:41:21 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 026C119FA; Sat, 12 Jan 2019 11:41:20 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Meiyo Peng Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs. References: <87zhsdqbxv.fsf@gmail.com> Date: Sat, 12 Jan 2019 11:41:20 +0100 In-Reply-To: <87zhsdqbxv.fsf@gmail.com> (Meiyo Peng's message of "Mon, 07 Jan 2019 13:22:20 +0800") Message-ID: <87h8ee6tv3.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 34005 Cc: 34005@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Hi Meiyo, Meiyo Peng skribis: > This patch adds sudoedit to %setuid-programs. Although sudoedit is > equivalent to "sudo -e" and sudo is already in %setuid-programs, I > prefer to type sudoedit in terminal. sudoedit is a common command in > Linux distros. I use it frequently. It would be great if guix users > are not forced to fallback on "sudo -e". The problem I see is that on GuixSD /etc/sudoers is not supposed to be edited directly. Instead, users are expected to specify =E2=80=98sudoers-f= ile=E2=80=99 in their OS config, which generates a read-only /etc/sudoers. Whatever changes you make manually to that file are lost upon reboot or reconfiguration. Thus I feel like we should discourage =E2=80=98sudo -e=E2=80=99, =E2=80=99s= udoedit=E2=80=99, and =E2=80=98visudo=E2=80=99 altogether. WDYT? Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 12 07:06:50 2019 Received: (at 34005) by debbugs.gnu.org; 12 Jan 2019 12:06:50 +0000 Received: from localhost ([127.0.0.1]:56596 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1giI3u-0004MD-3g for submit@debbugs.gnu.org; Sat, 12 Jan 2019 07:06:50 -0500 Received: from mail-pf1-f172.google.com ([209.85.210.172]:38728) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1giI3s-0004Ly-CM for 34005@debbugs.gnu.org; Sat, 12 Jan 2019 07:06:48 -0500 Received: by mail-pf1-f172.google.com with SMTP id q1so8211036pfi.5 for <34005@debbugs.gnu.org>; Sat, 12 Jan 2019 04:06:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:date :message-id:mime-version:content-transfer-encoding; bh=cjaP4BOA9U0IX2ukJQ7ajf5maYAEmthwO+JI6/irnCE=; b=SKTWXziinfY1LGEMaeIos8qRF10gDla33Z5eRvfEoZei+fGK4nsvc6OgdLMNvvypHF mMdO58zVVLE+n0JKzNscissxMxhcobzgFgyfkymv2vMtKRYw1d3DU6jk6ImISk83qE1q dTKxOb5R910ZHyGrSOtpABcGzlNMQV4o/an2PjLh3K4pHMOnSb7IdF2u9U1V6vhuOCF5 y1gxwG5PofdtjXM6/QekPq0S766m74qimfaxRbc4DzkQQtpbkEUiUh8l6kH7JT9ZuH6F Oox353u/RpXoZ3CN0mf06TaoIeiNsuk+tcz7jU6tMmjs0hNq1we6mjVhGaJj3bJETe20 7M3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version:content-transfer-encoding; bh=cjaP4BOA9U0IX2ukJQ7ajf5maYAEmthwO+JI6/irnCE=; b=t30jpLKbU/HE/Fjkb7tMxgq568zLOmValmK06zRMg6COVls5acCg7vaPhhZp6dpTpc X1yPIrMJzZZg16WTLYsIFluc972WJWioBauKqS/h8o4GWiIuKR/05VQyq8lNlMcZ9BcS 2xBlfdNzTH/UU5JkKzxDufajdGalgkzdJkAr/NTS4lF4GWPIFuEPqLlZ4M1qXILKNuJ/ +mAFkibWn/F7frIMjRXi6kkXsU6tRIghQMESrOQjTFU+Dqp7P3/CZCk+V/wFX1Uc0hqY IpUKIidms22Ux5SHhcdWnC8I6MPn65km58nhbr0Ja27WKOJmwTgPNJVRG404Bcd6hT1z gSZw== X-Gm-Message-State: AJcUukcjr95cacKM9JhKr/r1NLRNbpUshDNN/9DQon2OHb1+0jbwg4Mz q7o6VmAXzU0uTYKQ7Aebv7YsXvyWXc0= X-Google-Smtp-Source: ALg8bN5anfrOhOIkm6m9YT5VvYKCZtAQGsCH7Fljl5xXcywo7jcPhRa7xDCpuo+Odn1RQNwEJ504qg== X-Received: by 2002:a62:47d9:: with SMTP id p86mr17836784pfi.95.1547294802093; Sat, 12 Jan 2019 04:06:42 -0800 (PST) Received: from captain (144.34.217.65.16clouds.com. [144.34.217.65]) by smtp.gmail.com with ESMTPSA id 83sm135322835pgf.57.2019.01.12.04.06.39 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 12 Jan 2019 04:06:41 -0800 (PST) References: <87zhsdqbxv.fsf@gmail.com> <87h8ee6tv3.fsf@gnu.org> User-agent: mu4e 1.0; emacs 26.1 From: Meiyo Peng To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs. In-reply-to: <87h8ee6tv3.fsf@gnu.org> Date: Sat, 12 Jan 2019 20:06:27 +0800 Message-ID: <87va2uulks.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34005 Cc: 34005@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Ludovic, Ludovic Court=C3=A8s writes: > Hi Meiyo, > > Meiyo Peng skribis: > >> This patch adds sudoedit to %setuid-programs. Although sudoedit is >> equivalent to "sudo -e" and sudo is already in %setuid-programs, I >> prefer to type sudoedit in terminal. sudoedit is a common command in >> Linux distros. I use it frequently. It would be great if guix users >> are not forced to fallback on "sudo -e". > > The problem I see is that on GuixSD /etc/sudoers is not supposed to be > edited directly. Instead, users are expected to specify =E2=80=98sudoers= -file=E2=80=99 > in their OS config, which generates a read-only /etc/sudoers. > > Whatever changes you make manually to that file are lost upon reboot or > reconfiguration. > > Thus I feel like we should discourage =E2=80=98sudo -e=E2=80=99, =E2=80= =99sudoedit=E2=80=99, and > =E2=80=98visudo=E2=80=99 altogether. > > WDYT? I agree we should discourage users to edit files in /etc that are managed by guix. These files will be overridden upon `guix system reconfigure`, so user's modification will be lost. They should change these files in the guix way by using config.scm. However, sudoedit can also be used to edit files in /media, /mnt, /opt, /srv and /var. These files require root priviledge to edit and they are not managed by guix. This is the main reason we need sudoedit. Oh, I also use sudoedit to edit /etc/config.scm. So, WDYT? -- Meiyo Peng https://www.pengmeiyu.com From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 12 07:28:21 2019 Received: (at 34005) by debbugs.gnu.org; 12 Jan 2019 12:28:21 +0000 Received: from localhost ([127.0.0.1]:56610 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1giIOj-0004w0-AT for submit@debbugs.gnu.org; Sat, 12 Jan 2019 07:28:21 -0500 Received: from mail-pf1-f178.google.com ([209.85.210.178]:33859) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1giIOf-0004vn-T1 for 34005@debbugs.gnu.org; Sat, 12 Jan 2019 07:28:19 -0500 Received: by mail-pf1-f178.google.com with SMTP id h3so8234630pfg.1 for <34005@debbugs.gnu.org>; Sat, 12 Jan 2019 04:28:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=references:user-agent:from:to:cc:subject:in-reply-to:date :message-id:mime-version:content-transfer-encoding; bh=HaqJ74b/Sz5X9qPWtq2YInaTHMLob/CLXhQauDuBJHg=; b=rUa0rHnoz7XI3koi7boMHO6tkZGAnD+aVFQq8EHL/f43VJN8m7OARxoqMWHBst74NL mVZ4hPdl1P+4IZPAVtAka/SXa5tpCfNO/QzjObL67qNAiQYl8nTknSxerpb5DrIHS249 +DD4KhiTbPX2dKQ5PHN8HgWoe8vfq033ZSbhhYsd+FMo318JLQZO7DvDiz9wRA5pN12j pxjhELs1XNe8vLYx2u+OEMX/hLq2FsS6wZZ6upQbsLykAUzZUhB2Vqdl0aHxW370Ha0K 6bXepAwkQMkD7sJHhzSwI4Bbv1mzCWtVBhRFCSHR3CEfMcSRbG882l2/17sLqJ/Fv/aG JJ5w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:references:user-agent:from:to:cc:subject :in-reply-to:date:message-id:mime-version:content-transfer-encoding; bh=HaqJ74b/Sz5X9qPWtq2YInaTHMLob/CLXhQauDuBJHg=; b=f4jmgB6PmslZmtP2ZL2Ply0xriYGswk14OZK1oajk0bcUwZk8BOzWm5NlwECihBZp+ J1tszxkHEvkw/35aUHy4vkdcMCkZnaaOsdawuGplv02yvBfIB0a8PyrEjtPVN5wQQjpJ d1Ub+RcQRg4kXF5MamQ2QGBxDPVWKmX7DDW90vHV5848pYLWsQzUzhHnlnZBrNGei50m +OriDiLRs/RMYhPSkxFSDMsOGpQwIUm9EKh2+6Nllw/blyZLTaAiPc5EBYn7p5ATOybP i5oXl4baCNmZ0bfuSiPoQCBNaDYhI4/qS8Bz4DexXpSvbL3unB0KVZ2LOIXIsk7R3hD0 VQUA== X-Gm-Message-State: AJcUukeVhAinqbQb82Y49epMKqoypHzO7qSxd7kHa2hALM0264PxXZEJ IFOtEHl5fbI9V2tznx84OFoFPZWz/SM= X-Google-Smtp-Source: ALg8bN7KIHmIUjbP0pWV0ZQx4qHsamj3Lg5cyoCqGzrDOXYzEBU0xoLkp/UhjFuPX9xpx4LVcQ/vRg== X-Received: by 2002:a62:de06:: with SMTP id h6mr18897535pfg.158.1547296091673; Sat, 12 Jan 2019 04:28:11 -0800 (PST) Received: from captain (144.34.217.65.16clouds.com. [144.34.217.65]) by smtp.gmail.com with ESMTPSA id f64sm218591347pfh.0.2019.01.12.04.28.09 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sat, 12 Jan 2019 04:28:10 -0800 (PST) References: <87zhsdqbxv.fsf@gmail.com> <87h8ee6tv3.fsf@gnu.org> <87va2uulks.fsf@gmail.com> User-agent: mu4e 1.0; emacs 26.1 From: Meiyo Peng To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs. In-reply-to: <87va2uulks.fsf@gmail.com> Date: Sat, 12 Jan 2019 20:28:01 +0800 Message-ID: <87tvieukku.fsf@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 34005 Cc: 34005@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Meiyo Peng writes: > Hi Ludovic, > > Ludovic Court=C3=A8s writes: > >> Hi Meiyo, >> >> Meiyo Peng skribis: >> >>> This patch adds sudoedit to %setuid-programs. Although sudoedit is >>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I >>> prefer to type sudoedit in terminal. sudoedit is a common command in >>> Linux distros. I use it frequently. It would be great if guix users >>> are not forced to fallback on "sudo -e". >> >> The problem I see is that on GuixSD /etc/sudoers is not supposed to be >> edited directly. Instead, users are expected to specify =E2=80=98sudoer= s-file=E2=80=99 >> in their OS config, which generates a read-only /etc/sudoers. >> >> Whatever changes you make manually to that file are lost upon reboot or >> reconfiguration. >> >> Thus I feel like we should discourage =E2=80=98sudo -e=E2=80=99, =E2=80= =99sudoedit=E2=80=99, and >> =E2=80=98visudo=E2=80=99 altogether. >> >> WDYT? > > I agree we should discourage users to edit files in /etc that are > managed by guix. These files will be overridden upon `guix system > reconfigure`, so user's modification will be lost. They should change > these files in the guix way by using config.scm. > > However, sudoedit can also be used to edit files in /media, /mnt, /opt, > /srv and /var. These files require root priviledge to edit and they are > not managed by guix. This is the main reason we need sudoedit. > > Oh, I also use sudoedit to edit /etc/config.scm. > > So, WDYT? I think you have confused sudoedit with visudo. visudo is used to edit /etc/sudoers and it can only edit that file. But sudoedit is use to edit any file that requires root priviledge. It's a good habit for sysadmins to edit files with `sudoedit /path/to/file` rather than `sudo editor /path/to/file`. sudoedit can respect my $EDITOR, which is emacsclient, and connect to my Emacs server. So I can edit files in my familiar Emacs environment. This is much better than `sudo emacs /path/to/file`, which starts a vanilla emacs. -- Meiyo Peng https://www.pengmeiyu.com From debbugs-submit-bounces@debbugs.gnu.org Sat Jan 12 15:03:44 2019 Received: (at 34005) by debbugs.gnu.org; 12 Jan 2019 20:03:44 +0000 Received: from localhost ([127.0.0.1]:57137 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1giPVP-0002gd-Po for submit@debbugs.gnu.org; Sat, 12 Jan 2019 15:03:44 -0500 Received: from flashner.co.il ([178.62.234.194]:36910) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1giPVN-0002gQ-Rd for 34005@debbugs.gnu.org; Sat, 12 Jan 2019 15:03:42 -0500 Received: from localhost (unknown [188.120.128.87]) by flashner.co.il (Postfix) with ESMTPSA id 41BCE40119; Sat, 12 Jan 2019 20:03:36 +0000 (UTC) Date: Sat, 12 Jan 2019 22:03:35 +0200 From: Efraim Flashner To: Meiyo Peng Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs. Message-ID: <20190112200335.GA2050@macbook41> References: <87zhsdqbxv.fsf@gmail.com> <87h8ee6tv3.fsf@gnu.org> <87va2uulks.fsf@gmail.com> <87tvieukku.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="xHFwDpU9dbj6ez1V" Content-Disposition: inline In-Reply-To: <87tvieukku.fsf@gmail.com> X-PGP-Key-ID: 0x41AAE7DCCA3D8351 X-PGP-Key: https://flashner.co.il/~efraim/efraim_flashner.asc X-PGP-Fingerprint: A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 User-Agent: Mutt/1.11.0 (2018-11-25) X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 34005 Cc: Ludovic =?utf-8?Q?Court=C3=A8s?= , 34005@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --xHFwDpU9dbj6ez1V Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Jan 12, 2019 at 08:28:01PM +0800, Meiyo Peng wrote: >=20 > Meiyo Peng writes: >=20 > > Hi Ludovic, > > > > Ludovic Court=C3=A8s writes: > > > >> Hi Meiyo, > >> > >> Meiyo Peng skribis: > >> > >>> This patch adds sudoedit to %setuid-programs. Although sudoedit is > >>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I > >>> prefer to type sudoedit in terminal. sudoedit is a common command in > >>> Linux distros. I use it frequently. It would be great if guix users > >>> are not forced to fallback on "sudo -e". > >> > >> The problem I see is that on GuixSD /etc/sudoers is not supposed to be > >> edited directly. Instead, users are expected to specify =E2=80=98sudo= ers-file=E2=80=99 > >> in their OS config, which generates a read-only /etc/sudoers. > >> > >> Whatever changes you make manually to that file are lost upon reboot or > >> reconfiguration. > >> > >> Thus I feel like we should discourage =E2=80=98sudo -e=E2=80=99, =E2= =80=99sudoedit=E2=80=99, and > >> =E2=80=98visudo=E2=80=99 altogether. > >> > >> WDYT? > > > > I agree we should discourage users to edit files in /etc that are > > managed by guix. These files will be overridden upon `guix system > > reconfigure`, so user's modification will be lost. They should change > > these files in the guix way by using config.scm. > > > > However, sudoedit can also be used to edit files in /media, /mnt, /opt, > > /srv and /var. These files require root priviledge to edit and they are > > not managed by guix. This is the main reason we need sudoedit. > > > > Oh, I also use sudoedit to edit /etc/config.scm. > > > > So, WDYT? >=20 > I think you have confused sudoedit with visudo. visudo is used to edit > /etc/sudoers and it can only edit that file. But sudoedit is use to > edit any file that requires root priviledge. >=20 > It's a good habit for sysadmins to edit files with `sudoedit > /path/to/file` rather than `sudo editor /path/to/file`. sudoedit can > respect my $EDITOR, which is emacsclient, and connect to my Emacs > server. So I can edit files in my familiar Emacs environment. This is > much better than `sudo emacs /path/to/file`, which starts a vanilla > emacs. >=20 I hadn't known about sudoedit before this thread. I think it'd be nice to add to the %setuid-programs list and I'd definately try to remember to use it. --=20 Efraim Flashner =D7=90=D7=A4=D7=A8=D7=99=D7=9D = =D7=A4=D7=9C=D7=A9=D7=A0=D7=A8 GPG key =3D A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted --xHFwDpU9dbj6ez1V Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAlw6SBMACgkQQarn3Mo9 g1GOuw/9EoCJTJYehT/ciRyAAcNUyUqDOTC81veh1tdvlvGR3frIpyMChYvOMuTL VW9zxdi35/NqMLwLxWU0rF8I/IwZW/33b5MbX8bj82hFXrqa4Wh6/wo3NZM2IcZR 6bp9XK5SL+FVPcekkHWQsxbjoWsXtOva8oNDJreQScZsOrcGDjS3wdZe0yeoVg39 prdeWflBHzjXDvZm1vrhS0jpiz9iaO6s2vlbBHaThzLoLv+CTYXYl+BfKF/eAlUO iAD/sJmoTVcVNSRczlEyKef0tm7YK/wWnFFw0zdzd7egNtXRzN3yc4Zyt9ajdDLr Wztyx5gIlSxhSltMVLj9BSCErFZr+La9G2TkF9rs4B9NoVNCvVgxr752uWJukJVe OIj8VwykNsKOxQ6ZZFuEh0xuCsrLmgPdDJFRiJr11qLgQ19axunmK6Mx4f5QQbnz 4/rHrwvGjAYOXxq7G2ZRhrlt+0BPGiisGvuLK3KHwKUSKPOxHN7sNC+pm+CyCNBV Mx9+UaBos/XFKvbjO/It177Ye0R5Z4CrB8iYx63s9clGFZvLdvLqm5aJa3umLVpr zjtoSO4djzI6se3sVIIumrsZloffaSxSXVN2pNGwOTpeM2Ip/KgKPNPupD7YkgxC iutmujTCOz2Gjq1Es4VhXn5HIwx6pZITyHKa6EokWhy/PDYiIC8= =XE7E -----END PGP SIGNATURE----- --xHFwDpU9dbj6ez1V-- From debbugs-submit-bounces@debbugs.gnu.org Sun Jan 13 15:43:19 2019 Received: (at 34005-done) by debbugs.gnu.org; 13 Jan 2019 20:43:20 +0000 Received: from localhost ([127.0.0.1]:58110 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gimbH-0006qM-Km for submit@debbugs.gnu.org; Sun, 13 Jan 2019 15:43:19 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:51856) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gimbG-0006qF-9Q for 34005-done@debbugs.gnu.org; Sun, 13 Jan 2019 15:43:18 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 8C33B1B49; Sun, 13 Jan 2019 21:43:17 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RGxSquVvD5Av; Sun, 13 Jan 2019 21:43:16 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 5D9CF1B48; Sun, 13 Jan 2019 21:43:16 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Meiyo Peng Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs. References: <87zhsdqbxv.fsf@gmail.com> <87h8ee6tv3.fsf@gnu.org> <87va2uulks.fsf@gmail.com> <87tvieukku.fsf@gmail.com> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 24 =?utf-8?Q?Niv=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Sun, 13 Jan 2019 21:43:15 +0100 In-Reply-To: <87tvieukku.fsf@gmail.com> (Meiyo Peng's message of "Sat, 12 Jan 2019 20:28:01 +0800") Message-ID: <87ef9g47bw.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: 34005-done Cc: 34005-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Hello, Meiyo Peng skribis: >> Ludovic Court=C3=A8s writes: [...] >>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be >>> edited directly. Instead, users are expected to specify =E2=80=98sudoe= rs-file=E2=80=99 >>> in their OS config, which generates a read-only /etc/sudoers. >>> >>> Whatever changes you make manually to that file are lost upon reboot or >>> reconfiguration. >>> >>> Thus I feel like we should discourage =E2=80=98sudo -e=E2=80=99, =E2=80= =99sudoedit=E2=80=99, and >>> =E2=80=98visudo=E2=80=99 altogether. >>> >>> WDYT? >> >> I agree we should discourage users to edit files in /etc that are >> managed by guix. These files will be overridden upon `guix system >> reconfigure`, so user's modification will be lost. They should change >> these files in the guix way by using config.scm. >> >> However, sudoedit can also be used to edit files in /media, /mnt, /opt, >> /srv and /var. These files require root priviledge to edit and they are >> not managed by guix. This is the main reason we need sudoedit. >> >> Oh, I also use sudoedit to edit /etc/config.scm. >> >> So, WDYT? > > I think you have confused sudoedit with visudo. visudo is used to edit > /etc/sudoers and it can only edit that file. But sudoedit is use to > edit any file that requires root priviledge. Oh indeed, I wrongfully assumed that =E2=80=98sudoedit=E2=80=99 is synonymo= us with =E2=80=98visudo=E2=80=99=E2=80=94thanks for explaining! > It's a good habit for sysadmins to edit files with `sudoedit > /path/to/file` rather than `sudo editor /path/to/file`. sudoedit can > respect my $EDITOR, which is emacsclient, and connect to my Emacs > server. So I can edit files in my familiar Emacs environment. This is > much better than `sudo emacs /path/to/file`, which starts a vanilla > emacs. OK, got it. Applied, thanks, and sorry for the confusion! Ludo=E2=80=99. From unknown Mon Aug 18 00:06:06 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Mon, 11 Feb 2019 12:24:03 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator