From mboxrd@z Thu Jan 1 00:00:00 1970 From: John Soo Subject: Re: editing /etc/sudoers Date: Mon, 17 Jun 2019 10:03:20 -0700 Message-ID: <1CADB6BB-4C4E-43C8-BB5C-107D564B2C89@asu.edu> References: <20190614115539.GA22815@serpent> <20190616143031.GD12459@serpent> <45f53d38f8dbf54c80bc7e2153785295@riseup.net> <20190616232054.GA1602@nimrod> <20190617071712.GA1566@jurong> <73f74c18f09a60d93371f736c1b4a996@riseup.net> <20190617154418.GG12459@serpent> Mime-Version: 1.0 (1.0) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:35422) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hcv2j-0001VQ-Hr for help-guix@gnu.org; Mon, 17 Jun 2019 13:03:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hcv2h-00018L-DT for help-guix@gnu.org; Mon, 17 Jun 2019 13:03:41 -0400 Received: from mail-pf1-x42c.google.com ([2607:f8b0:4864:20::42c]:40960) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hcv2d-0000oZ-Uw for help-guix@gnu.org; Mon, 17 Jun 2019 13:03:38 -0400 Received: by mail-pf1-x42c.google.com with SMTP id m30so6010864pff.8 for ; Mon, 17 Jun 2019 10:03:25 -0700 (PDT) In-Reply-To: <20190617154418.GG12459@serpent> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Jeff Bauer Cc: help-guix@gnu.org, Quiliro's lists Hi Jeff, Sorry this is so confusing. Let me know if I=E2=80=99m missed something sinc= e I=E2=80=99ve been half-following this thread. I think what you may want to= do is use the sudoers-file field when specifying your operating system rath= er than using visudo to edit the file. This way you will have persistent and= declarative specification for the sudoers file. The sudoers-file field allo= ws you to place an arbitrary file-like object in it, so you can put whatever= you want to add using visudo there and it will work the same. Check the man= ual for reference: https://www.gnu.org/software/guix/manual/en/html_node/ope= rating_002dsystem-Reference.html#operating_002dsystem-Reference Hope that helps, John > On Jun 17, 2019, at 8:44 AM, Jeff Bauer wrote: >=20 >> On Mon, Jun 17, 2019 at 07:34:46AM -0700, Quiliro's lists wrote: >> El 2019-06-17 02:17, Andreas Enge escribi=C3=B3: >>> maybe my reply is off-topic and does not solve your problem, but to just= >>> give sudoer capabilities to a user, it is enough to add them to the "whe= el" >>> group in the system declaration, with something like: >>>=20 >>> (operating-system >>> (users (cons* (user-account >>> (name "andreas") >>> (comment "Andreas Enge") >>> (group "users") >>> (supplementary-groups '("wheel")) >>> (home-directory "/home/andreas")) >>> %base-user-accounts)) >>> ... >>>=20 >>> This is in line with the principle that "global" files should not be edi= ted, >>> but instead be declared in some way in the operating system definition. >>>=20 >>> For more sophisticated uses, the file could be declared in the operating= >>> system definition, I suppose, but I have no experience with this. >>>=20 >>> Andreas >>=20 >> Exactly: if you are using GuixSD, you do not use visudo; you use what >> Andreas proposes. If you are using just Guix, then you use visudo from >> the distro you are on. >=20 > My needs go beyond adding a user to the wheel group. I want > specific programs to run without a sudo password challenge, > so editing my local copy of sudoers is necessary. I'm now > using guix visudo as a command-line validation tool to > ensure that sudoers isn't borked -- which is it's primary > purpose. >=20 > -Jeff >=20