[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
From: |
Meiyo Peng |
Subject: |
[bug#34005] [PATCH] system: Add sudoedit to %setuid-programs. |
Date: |
Sat, 12 Jan 2019 20:06:27 +0800 |
User-agent: |
mu4e 1.0; emacs 26.1 |
Hi Ludovic,
Ludovic Courtès writes:
> Hi Meiyo,
>
> Meiyo Peng <address@hidden> skribis:
>
>> This patch adds sudoedit to %setuid-programs. Although sudoedit is
>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>> prefer to type sudoedit in terminal. sudoedit is a common command in
>> Linux distros. I use it frequently. It would be great if guix users
>> are not forced to fallback on "sudo -e".
>
> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> edited directly. Instead, users are expected to specify ‘sudoers-file’
> in their OS config, which generates a read-only /etc/sudoers.
>
> Whatever changes you make manually to that file are lost upon reboot or
> reconfiguration.
>
> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
> ‘visudo’ altogether.
>
> WDYT?
I agree we should discourage users to edit files in /etc that are
managed by guix. These files will be overridden upon `guix system
reconfigure`, so user's modification will be lost. They should change
these files in the guix way by using config.scm.
However, sudoedit can also be used to edit files in /media, /mnt, /opt,
/srv and /var. These files require root priviledge to edit and they are
not managed by guix. This is the main reason we need sudoedit.
Oh, I also use sudoedit to edit /etc/config.scm.
So, WDYT?
--
Meiyo Peng
https://www.pengmeiyu.com