From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jeff Bauer <jeffrubic@gmail.com>
Subject: Re: editing /etc/sudoers
Date: Mon, 17 Jun 2019 10:44:18 -0500
Message-ID: <20190617154418.GG12459@serpent>
References: <20190614115539.GA22815@serpent>
 <e946838a415fc0e3e38efb1729ce4837@riseup.net>
 <20190616143031.GD12459@serpent>
 <45f53d38f8dbf54c80bc7e2153785295@riseup.net>
 <20190616232054.GA1602@nimrod> <20190617071712.GA1566@jurong>
 <73f74c18f09a60d93371f736c1b4a996@riseup.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:38547)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <jeffrubic@gmail.com>) id 1hctnz-0006wq-Bf
 for help-guix@gnu.org; Mon, 17 Jun 2019 11:44:24 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <jeffrubic@gmail.com>) id 1hctny-0005Fp-7Z
 for help-guix@gnu.org; Mon, 17 Jun 2019 11:44:23 -0400
Received: from mail-yw1-xc31.google.com ([2607:f8b0:4864:20::c31]:42948)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <jeffrubic@gmail.com>) id 1hctnx-0005E5-UR
 for help-guix@gnu.org; Mon, 17 Jun 2019 11:44:22 -0400
Received: by mail-yw1-xc31.google.com with SMTP id s5so5251238ywd.9
 for <help-guix@gnu.org>; Mon, 17 Jun 2019 08:44:21 -0700 (PDT)
Content-Disposition: inline
In-Reply-To: <73f74c18f09a60d93371f736c1b4a996@riseup.net>
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/help-guix>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
 <mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: Quiliro's lists <kiliro@riseup.net>
Cc: help-guix@gnu.org

On Mon, Jun 17, 2019 at 07:34:46AM -0700, Quiliro's lists wrote:
> El 2019-06-17 02:17, Andreas Enge escribió:
> > maybe my reply is off-topic and does not solve your problem, but to just
> > give sudoer capabilities to a user, it is enough to add them to the "wheel"
> > group in the system declaration, with something like:
> >
> > (operating-system
> >   (users (cons* (user-account
> >                  (name "andreas")
> >                  (comment "Andreas Enge")
> >                  (group "users")
> >                  (supplementary-groups '("wheel"))
> >                  (home-directory "/home/andreas"))
> >                 %base-user-accounts))
> >   ...
> >
> > This is in line with the principle that "global" files should not be edited,
> > but instead be declared in some way in the operating system definition.
> >
> > For more sophisticated uses, the file could be declared in the operating
> > system definition, I suppose, but I have no experience with this.
> >
> > Andreas
>
> Exactly: if you are using GuixSD, you do not use visudo; you use what
> Andreas proposes. If you are using just Guix, then you use visudo from
> the distro you are on.

My needs go beyond adding a user to the wheel group.  I want
specific programs to run without a sudo password challenge,
so editing my local copy of sudoers is necessary.  I'm now
using guix visudo as a command-line validation tool to
ensure that sudoers isn't borked -- which is it's primary
purpose.

-Jeff