unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed
* [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
@ 2019-01-07  5:22 Meiyo Peng
  2019-01-12 10:41 ` Ludovic Courtès
  0 siblings, 1 reply; 6+ messages in thread
From: Meiyo Peng @ 2019-01-07  5:22 UTC (permalink / raw)
  To: 34005

[-- Attachment #1: Type: text/plain, Size: 322 bytes --]

Hi,

This patch adds sudoedit to %setuid-programs.  Although sudoedit is
equivalent to "sudo -e" and sudo is already in %setuid-programs, I
prefer to type sudoedit in terminal.  sudoedit is a common command in
Linux distros.  I use it frequently.  It would be great if guix users
are not forced to fallback on "sudo -e".


[-- Attachment #2: 0001-system-Add-sudoedit-to-setuid-programs.patch --]
[-- Type: text/x-patch, Size: 1105 bytes --]

From 822f58171d10e92106878e1c9687401743ca372c Mon Sep 17 00:00:00 2001
From: Meiyo Peng <meiyo.peng@gmail.com>
Date: Sat, 5 Jan 2019 21:06:47 +0800
Subject: [PATCH] system: Add sudoedit to %setuid-programs.

* gnu/system.scm (%setuid-programs): Add sudoedit.
---
 gnu/system.scm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gnu/system.scm b/gnu/system.scm
index ee48f4826..09ee88d43 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2015, 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2019 Meiyo Peng <meiyo.peng@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -792,6 +793,7 @@ use 'plain-file' instead~%")
           (file-append inetutils "/bin/ping")
           (file-append inetutils "/bin/ping6")
           (file-append sudo "/bin/sudo")
+          (file-append sudo "/bin/sudoedit")
           (file-append fuse "/bin/fusermount"))))
 
 (define %sudoers-specification
-- 
2.20.1


[-- Attachment #3: Type: text/plain, Size: 42 bytes --]


--
Meiyo Peng
https://www.pengmeiyu.com/

^ permalink raw reply related	[flat|nested] 6+ messages in thread

* [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
  2019-01-07  5:22 [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs Meiyo Peng
@ 2019-01-12 10:41 ` Ludovic Courtès
  2019-01-12 12:06   ` Meiyo Peng
  0 siblings, 1 reply; 6+ messages in thread
From: Ludovic Courtès @ 2019-01-12 10:41 UTC (permalink / raw)
  To: Meiyo Peng; +Cc: 34005

Hi Meiyo,

Meiyo Peng <meiyo.peng@gmail.com> skribis:

> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> prefer to type sudoedit in terminal.  sudoedit is a common command in
> Linux distros.  I use it frequently.  It would be great if guix users
> are not forced to fallback on "sudo -e".

The problem I see is that on GuixSD /etc/sudoers is not supposed to be
edited directly.  Instead, users are expected to specify ‘sudoers-file’
in their OS config, which generates a read-only /etc/sudoers.

Whatever changes you make manually to that file are lost upon reboot or
reconfiguration.

Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
‘visudo’ altogether.

WDYT?

Thanks,
Ludo’.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
  2019-01-12 10:41 ` Ludovic Courtès
@ 2019-01-12 12:06   ` Meiyo Peng
  2019-01-12 12:28     ` Meiyo Peng
  0 siblings, 1 reply; 6+ messages in thread
From: Meiyo Peng @ 2019-01-12 12:06 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 34005

Hi Ludovic,

Ludovic Courtès writes:

> Hi Meiyo,
>
> Meiyo Peng <meiyo.peng@gmail.com> skribis:
>
>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>> prefer to type sudoedit in terminal.  sudoedit is a common command in
>> Linux distros.  I use it frequently.  It would be great if guix users
>> are not forced to fallback on "sudo -e".
>
> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> edited directly.  Instead, users are expected to specify ‘sudoers-file’
> in their OS config, which generates a read-only /etc/sudoers.
>
> Whatever changes you make manually to that file are lost upon reboot or
> reconfiguration.
>
> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
> ‘visudo’ altogether.
>
> WDYT?

I agree we should discourage users to edit files in /etc that are
managed by guix.  These files will be overridden upon `guix system
reconfigure`, so user's modification will be lost.  They should change
these files in the guix way by using config.scm.

However, sudoedit can also be used to edit files in /media, /mnt, /opt,
/srv and /var.  These files require root priviledge to edit and they are
not managed by guix.  This is the main reason we need sudoedit.

Oh, I also use sudoedit to edit /etc/config.scm.

So, WDYT?

--
Meiyo Peng
https://www.pengmeiyu.com

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
  2019-01-12 12:06   ` Meiyo Peng
@ 2019-01-12 12:28     ` Meiyo Peng
  2019-01-12 20:03       ` Efraim Flashner
  2019-01-13 20:43       ` bug#34005: " Ludovic Courtès
  0 siblings, 2 replies; 6+ messages in thread
From: Meiyo Peng @ 2019-01-12 12:28 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 34005


Meiyo Peng writes:

> Hi Ludovic,
>
> Ludovic Courtès writes:
>
>> Hi Meiyo,
>>
>> Meiyo Peng <meiyo.peng@gmail.com> skribis:
>>
>>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
>>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
>>> prefer to type sudoedit in terminal.  sudoedit is a common command in
>>> Linux distros.  I use it frequently.  It would be great if guix users
>>> are not forced to fallback on "sudo -e".
>>
>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>> edited directly.  Instead, users are expected to specify ‘sudoers-file’
>> in their OS config, which generates a read-only /etc/sudoers.
>>
>> Whatever changes you make manually to that file are lost upon reboot or
>> reconfiguration.
>>
>> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
>> ‘visudo’ altogether.
>>
>> WDYT?
>
> I agree we should discourage users to edit files in /etc that are
> managed by guix.  These files will be overridden upon `guix system
> reconfigure`, so user's modification will be lost.  They should change
> these files in the guix way by using config.scm.
>
> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> /srv and /var.  These files require root priviledge to edit and they are
> not managed by guix.  This is the main reason we need sudoedit.
>
> Oh, I also use sudoedit to edit /etc/config.scm.
>
> So, WDYT?

I think you have confused sudoedit with visudo.  visudo is used to edit
/etc/sudoers and it can only edit that file.  But sudoedit is use to
edit any file that requires root priviledge.

It's a good habit for sysadmins to edit files with `sudoedit
/path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
respect my $EDITOR, which is emacsclient, and connect to my Emacs
server.  So I can edit files in my familiar Emacs environment.  This is
much better than `sudo emacs /path/to/file`, which starts a vanilla
emacs.

--
Meiyo Peng
https://www.pengmeiyu.com

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs.
  2019-01-12 12:28     ` Meiyo Peng
@ 2019-01-12 20:03       ` Efraim Flashner
  2019-01-13 20:43       ` bug#34005: " Ludovic Courtès
  1 sibling, 0 replies; 6+ messages in thread
From: Efraim Flashner @ 2019-01-12 20:03 UTC (permalink / raw)
  To: Meiyo Peng; +Cc: 34005

[-- Attachment #1: Type: text/plain, Size: 2576 bytes --]

On Sat, Jan 12, 2019 at 08:28:01PM +0800, Meiyo Peng wrote:
> 
> Meiyo Peng writes:
> 
> > Hi Ludovic,
> >
> > Ludovic Courtès writes:
> >
> >> Hi Meiyo,
> >>
> >> Meiyo Peng <meiyo.peng@gmail.com> skribis:
> >>
> >>> This patch adds sudoedit to %setuid-programs.  Although sudoedit is
> >>> equivalent to "sudo -e" and sudo is already in %setuid-programs, I
> >>> prefer to type sudoedit in terminal.  sudoedit is a common command in
> >>> Linux distros.  I use it frequently.  It would be great if guix users
> >>> are not forced to fallback on "sudo -e".
> >>
> >> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
> >> edited directly.  Instead, users are expected to specify ‘sudoers-file’
> >> in their OS config, which generates a read-only /etc/sudoers.
> >>
> >> Whatever changes you make manually to that file are lost upon reboot or
> >> reconfiguration.
> >>
> >> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
> >> ‘visudo’ altogether.
> >>
> >> WDYT?
> >
> > I agree we should discourage users to edit files in /etc that are
> > managed by guix.  These files will be overridden upon `guix system
> > reconfigure`, so user's modification will be lost.  They should change
> > these files in the guix way by using config.scm.
> >
> > However, sudoedit can also be used to edit files in /media, /mnt, /opt,
> > /srv and /var.  These files require root priviledge to edit and they are
> > not managed by guix.  This is the main reason we need sudoedit.
> >
> > Oh, I also use sudoedit to edit /etc/config.scm.
> >
> > So, WDYT?
> 
> I think you have confused sudoedit with visudo.  visudo is used to edit
> /etc/sudoers and it can only edit that file.  But sudoedit is use to
> edit any file that requires root priviledge.
> 
> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server.  So I can edit files in my familiar Emacs environment.  This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.
> 

I hadn't known about sudoedit before this thread. I think it'd be nice
to add to the %setuid-programs list and I'd definately try to remember
to use it.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* bug#34005: [PATCH] system: Add sudoedit to %setuid-programs.
  2019-01-12 12:28     ` Meiyo Peng
  2019-01-12 20:03       ` Efraim Flashner
@ 2019-01-13 20:43       ` Ludovic Courtès
  1 sibling, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2019-01-13 20:43 UTC (permalink / raw)
  To: Meiyo Peng; +Cc: 34005-done

Hello,

Meiyo Peng <meiyo.peng@gmail.com> skribis:

>> Ludovic Courtès writes:

[...]

>>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>>> edited directly.  Instead, users are expected to specify ‘sudoers-file’
>>> in their OS config, which generates a read-only /etc/sudoers.
>>>
>>> Whatever changes you make manually to that file are lost upon reboot or
>>> reconfiguration.
>>>
>>> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
>>> ‘visudo’ altogether.
>>>
>>> WDYT?
>>
>> I agree we should discourage users to edit files in /etc that are
>> managed by guix.  These files will be overridden upon `guix system
>> reconfigure`, so user's modification will be lost.  They should change
>> these files in the guix way by using config.scm.
>>
>> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
>> /srv and /var.  These files require root priviledge to edit and they are
>> not managed by guix.  This is the main reason we need sudoedit.
>>
>> Oh, I also use sudoedit to edit /etc/config.scm.
>>
>> So, WDYT?
>
> I think you have confused sudoedit with visudo.  visudo is used to edit
> /etc/sudoers and it can only edit that file.  But sudoedit is use to
> edit any file that requires root priviledge.

Oh indeed, I wrongfully assumed that ‘sudoedit’ is synonymous with
‘visudo’—thanks for explaining!

> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server.  So I can edit files in my familiar Emacs environment.  This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.

OK, got it.  Applied, thanks, and sorry for the confusion!

Ludo’.

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2019-01-13 20:44 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-01-07  5:22 [bug#34005] [PATCH] system: Add sudoedit to %setuid-programs Meiyo Peng
2019-01-12 10:41 ` Ludovic Courtès
2019-01-12 12:06   ` Meiyo Peng
2019-01-12 12:28     ` Meiyo Peng
2019-01-12 20:03       ` Efraim Flashner
2019-01-13 20:43       ` bug#34005: " Ludovic Courtès

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).