From: John Soo <jsoo1@asu.edu>
To: Jeff Bauer <jeffrubic@gmail.com>
Cc: help-guix@gnu.org, Quiliro's lists <kiliro@riseup.net>
Subject: Re: editing /etc/sudoers
Date: Mon, 17 Jun 2019 10:03:20 -0700 [thread overview]
Message-ID: <1CADB6BB-4C4E-43C8-BB5C-107D564B2C89@asu.edu> (raw)
In-Reply-To: <20190617154418.GG12459@serpent>
Hi Jeff,
Sorry this is so confusing. Let me know if I’m missed something since I’ve been half-following this thread. I think what you may want to do is use the sudoers-file field when specifying your operating system rather than using visudo to edit the file. This way you will have persistent and declarative specification for the sudoers file. The sudoers-file field allows you to place an arbitrary file-like object in it, so you can put whatever you want to add using visudo there and it will work the same. Check the manual for reference: https://www.gnu.org/software/guix/manual/en/html_node/operating_002dsystem-Reference.html#operating_002dsystem-Reference
Hope that helps,
John
> On Jun 17, 2019, at 8:44 AM, Jeff Bauer <jeffrubic@gmail.com> wrote:
>
>> On Mon, Jun 17, 2019 at 07:34:46AM -0700, Quiliro's lists wrote:
>> El 2019-06-17 02:17, Andreas Enge escribió:
>>> maybe my reply is off-topic and does not solve your problem, but to just
>>> give sudoer capabilities to a user, it is enough to add them to the "wheel"
>>> group in the system declaration, with something like:
>>>
>>> (operating-system
>>> (users (cons* (user-account
>>> (name "andreas")
>>> (comment "Andreas Enge")
>>> (group "users")
>>> (supplementary-groups '("wheel"))
>>> (home-directory "/home/andreas"))
>>> %base-user-accounts))
>>> ...
>>>
>>> This is in line with the principle that "global" files should not be edited,
>>> but instead be declared in some way in the operating system definition.
>>>
>>> For more sophisticated uses, the file could be declared in the operating
>>> system definition, I suppose, but I have no experience with this.
>>>
>>> Andreas
>>
>> Exactly: if you are using GuixSD, you do not use visudo; you use what
>> Andreas proposes. If you are using just Guix, then you use visudo from
>> the distro you are on.
>
> My needs go beyond adding a user to the wheel group. I want
> specific programs to run without a sudo password challenge,
> so editing my local copy of sudoers is necessary. I'm now
> using guix visudo as a command-line validation tool to
> ensure that sudoers isn't borked -- which is it's primary
> purpose.
>
> -Jeff
>
next prev parent reply other threads:[~2019-06-17 17:03 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-14 11:55 editing /etc/sudoers Jeff Bauer
2019-06-14 13:16 ` David Larsson
2019-06-14 13:21 ` Tobias Geerinckx-Rice
2019-06-14 13:58 ` Jeff Bauer
2019-06-16 2:27 ` Quiliro's lists
2019-06-16 14:18 ` Jeff Bauer
2019-06-16 14:30 ` Jeff Bauer
2019-06-16 23:08 ` Quiliro's lists
2019-06-16 23:20 ` Jeff Bauer
2019-06-17 7:17 ` Andreas Enge
2019-06-17 14:34 ` Quiliro's lists
2019-06-17 15:44 ` Jeff Bauer
2019-06-17 17:03 ` John Soo [this message]
2019-06-17 18:02 ` Jeff Bauer
2019-06-17 20:16 ` John Soo
2019-06-17 7:53 ` Hartmut Goebel
2019-06-17 15:48 ` Jeff Bauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1CADB6BB-4C4E-43C8-BB5C-107D564B2C89@asu.edu \
--to=jsoo1@asu.edu \
--cc=help-guix@gnu.org \
--cc=jeffrubic@gmail.com \
--cc=kiliro@riseup.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).