GNU bug report logs - #34005
[PATCH] system: Add sudoedit to %setuid-programs.

Previous Next

Package: guix-patches;

Reported by: Meiyo Peng <meiyo.peng <at> gmail.com>

Date: Mon, 7 Jan 2019 05:23:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Meiyo Peng <meiyo.peng <at> gmail.com>
Subject: bug#34005: closed (Re: [bug#34005] [PATCH] system: Add sudoedit
 to %setuid-programs.)
Date: Sun, 13 Jan 2019 20:44:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#34005: [PATCH] system: Add sudoedit to %setuid-programs.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 34005 <at> debbugs.gnu.org.

-- 
34005: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=34005
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Meiyo Peng <meiyo.peng <at> gmail.com>
Cc: 34005-done <at> debbugs.gnu.org
Subject: Re: [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
Date: Sun, 13 Jan 2019 21:43:15 +0100

Hello,

Meiyo Peng <meiyo.peng <at> gmail.com> skribis:

>> Ludovic Courtès writes:

[...]

>>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>>> edited directly.  Instead, users are expected to specify ‘sudoers-file’
>>> in their OS config, which generates a read-only /etc/sudoers.
>>>
>>> Whatever changes you make manually to that file are lost upon reboot or
>>> reconfiguration.
>>>
>>> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
>>> ‘visudo’ altogether.
>>>
>>> WDYT?
>>
>> I agree we should discourage users to edit files in /etc that are
>> managed by guix.  These files will be overridden upon `guix system
>> reconfigure`, so user's modification will be lost.  They should change
>> these files in the guix way by using config.scm.
>>
>> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
>> /srv and /var.  These files require root priviledge to edit and they are
>> not managed by guix.  This is the main reason we need sudoedit.
>>
>> Oh, I also use sudoedit to edit /etc/config.scm.
>>
>> So, WDYT?
>
> I think you have confused sudoedit with visudo.  visudo is used to edit
> /etc/sudoers and it can only edit that file.  But sudoedit is use to
> edit any file that requires root priviledge.

Oh indeed, I wrongfully assumed that ‘sudoedit’ is synonymous with
‘visudo’—thanks for explaining!

> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server.  So I can edit files in my familiar Emacs environment.  This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.

OK, got it.  Applied, thanks, and sorry for the confusion!

Ludo’.


[Message part 3 (message/rfc822, inline)]
From: Meiyo Peng <meiyo.peng <at> gmail.com>
To: guix-patches <at> gnu.org
Subject: [PATCH] system: Add sudoedit to %setuid-programs.
Date: Mon, 07 Jan 2019 13:22:20 +0800

[Message part 4 (text/plain, inline)]
Hi,

This patch adds sudoedit to %setuid-programs.  Although sudoedit is
equivalent to "sudo -e" and sudo is already in %setuid-programs, I
prefer to type sudoedit in terminal.  sudoedit is a common command in
Linux distros.  I use it frequently.  It would be great if guix users
are not forced to fallback on "sudo -e".


[0001-system-Add-sudoedit-to-setuid-programs.patch (text/x-patch, inline)]
From 822f58171d10e92106878e1c9687401743ca372c Mon Sep 17 00:00:00 2001
From: Meiyo Peng <meiyo.peng <at> gmail.com>
Date: Sat, 5 Jan 2019 21:06:47 +0800
Subject: [PATCH] system: Add sudoedit to %setuid-programs.

* gnu/system.scm (%setuid-programs): Add sudoedit.
---
 gnu/system.scm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gnu/system.scm b/gnu/system.scm
index ee48f4826..09ee88d43 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015, 2016 Alex Kost <alezost <at> gmail.com>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich <at> gmail.com>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe <at> gmail.com>
+;;; Copyright © 2019 Meiyo Peng <meiyo.peng <at> gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -792,6 +793,7 @@ use 'plain-file' instead~%")
           (file-append inetutils "/bin/ping")
           (file-append inetutils "/bin/ping6")
           (file-append sudo "/bin/sudo")
+          (file-append sudo "/bin/sudoedit")
           (file-append fuse "/bin/fusermount"))))
 
 (define %sudoers-specification
-- 
2.20.1


[Message part 6 (text/plain, inline)]
--
Meiyo Peng
https://www.pengmeiyu.com/
This bug report was last modified 6 years and 189 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.