GNU bug report logs - #34005
[PATCH] system: Add sudoedit to %setuid-programs.
Reported by: Meiyo Peng <meiyo.peng <at> gmail.com>
Date: Mon, 7 Jan 2019 05:23:01 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Meiyo Peng writes:
> Hi Ludovic,
>
> Ludovic Courtès writes:
>
>> Hi Meiyo,
>>
>> Meiyo Peng <meiyo.peng <at> gmail.com> skribis:
>>
>>> This patch adds sudoedit to %setuid-programs. Although sudoedit is
>>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>>> prefer to type sudoedit in terminal. sudoedit is a common command in
>>> Linux distros. I use it frequently. It would be great if guix users
>>> are not forced to fall back on "sudo -e".
>>
>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>> edited directly. Instead, users are expected to specify ‘sudoers-file’
>> in their OS config, which generates a read-only /etc/sudoers.
>>
>> Whatever changes you make manually to that file are lost upon reboot or
>> reconfiguration.
>>
>> Thus I feel like we should discourage ‘sudo -e’, ‘sudoedit’, and
>> ‘visudo’ altogether.
>>
>> WDYT?
>
> I agree we should discourage users from editing files in /etc that are
> managed by guix. These files will be overridden upon `guix system
> reconfigure`, so user's modification will be lost. They should change
> these files in the guix way by using config.scm.
>
> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> /srv and /var. These files require root privilege to edit and they are
> not managed by guix. This is the main reason we need sudoedit.
>
> Oh, I also use sudoedit to edit /etc/config.scm.
>
> So, WDYT?

I think you have confused sudoedit with visudo. visudo is used to edit
/etc/sudoers and it can only edit that file. But sudoedit is used to
edit any file that requires root privilege.

It's a good habit for sysadmins to edit files with `sudoedit
/path/to/file` rather than `sudo editor /path/to/file`. sudoedit can
respect my $EDITOR, which is emacsclient, and connect to my Emacs
server. So I can edit files in my familiar Emacs environment. This is
much better than `sudo emacs /path/to/file`, which starts a vanilla
emacs.
--
Meiyo Peng
https://www.pengmeiyu.com
This bug report was last modified 6 years and 132 days ago.