* editing /etc/sudoers
@ 2019-06-14 11:55 Jeff Bauer
2019-06-14 13:16 ` David Larsson
` (2 more replies)
0 siblings, 3 replies; 17+ messages in thread
From: Jeff Bauer @ 2019-06-14 11:55 UTC (permalink / raw)
To: help-guix
I've been trying unsuccessfully to make changes to
/etc/sudoers. I used visudo by creating a symlink
to /usr/bin/vi (because visudo ignores EDITOR), but
the changes aren't permanent. What am I missing?
-Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-14 11:55 editing /etc/sudoers Jeff Bauer
@ 2019-06-14 13:16 ` David Larsson
2019-06-14 13:21 ` Tobias Geerinckx-Rice
2019-06-16 2:27 ` Quiliro's lists
2 siblings, 0 replies; 17+ messages in thread
From: David Larsson @ 2019-06-14 13:16 UTC (permalink / raw)
To: help-guix, Jeff Bauer
Hi Jeff,
This is probably not the guix way, but Im usually using SUDO_EDITOR=zile visudo instead of just EDITOR.
B.R.
David
Jeff Bauer – Fri, 14. June 2019 14:36
> I've been trying unsuccessfully to make changes to
> /etc/sudoers. I used visudo by creating a symlink
> to /usr/bin/vi (because visudo ignores EDITOR), but
> the changes aren't permanent. What am I missing?
>
> -Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-14 11:55 editing /etc/sudoers Jeff Bauer
2019-06-14 13:16 ` David Larsson
@ 2019-06-14 13:21 ` Tobias Geerinckx-Rice
2019-06-14 13:58 ` Jeff Bauer
2019-06-16 2:27 ` Quiliro's lists
2 siblings, 1 reply; 17+ messages in thread
From: Tobias Geerinckx-Rice @ 2019-06-14 13:21 UTC (permalink / raw)
To: Jeff Bauer; +Cc: help-guix
[-- Attachment #1: Type: text/plain, Size: 199 bytes --]
Jeff Bauer wrote:
> What am I missing?
Moar Scheme:
(operating-system
…
(sudoers-file
(local-file "sudoers")) ; relative to this file
…)
Kind regards,
T G-R
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-14 13:21 ` Tobias Geerinckx-Rice
@ 2019-06-14 13:58 ` Jeff Bauer
0 siblings, 0 replies; 17+ messages in thread
From: Jeff Bauer @ 2019-06-14 13:58 UTC (permalink / raw)
To: Tobias Geerinckx-Rice; +Cc: help-guix
On Fri, Jun 14, 2019 at 03:21:33PM +0200, Tobias Geerinckx-Rice wrote:
> (operating-system
> …
> (sudoers-file
> (local-file "sudoers")) ; relative to this file
> …)
Thanks. And as a note to myself to RTFM:
https://www.gnu.org/software/guix/manual/en/html_node/Using-the-Configuration-System.html#Using-the-Configuration-System
"One should never have to touch files in /etc or to run
commands that modify the system state such as useradd or
grub-install. In fact, you must avoid that since that
would not only void your warranty but also prevent you
from rolling back to previous versions of your system,
should you ever need to."
-Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-14 11:55 editing /etc/sudoers Jeff Bauer
2019-06-14 13:16 ` David Larsson
2019-06-14 13:21 ` Tobias Geerinckx-Rice
@ 2019-06-16 2:27 ` Quiliro's lists
2019-06-16 14:18 ` Jeff Bauer
2019-06-16 14:30 ` Jeff Bauer
2 siblings, 2 replies; 17+ messages in thread
From: Quiliro's lists @ 2019-06-16 2:27 UTC (permalink / raw)
To: help-guix
El 2019-06-14 06:55, Jeff Bauer escribió:
> I've been trying unsuccessfully to make changes to
> /etc/sudoers. I used visudo by creating a symlink
> to /usr/bin/vi (because visudo ignores EDITOR), but
> the changes aren't permanent. What am I missing?
You cannot have a /usr/bin unless you are on a foreign distro such as
Trisquel or Parabola or any other than GuixSD. If you are on a foreign
distro, Guix does not control your sudoers file; your foreign distro
does.
Regarding the EDITOR variable, if Guix is the installer of the needed
editor it is the only situation when this regards to Guix.
Would you please clarify your issue?
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-16 2:27 ` Quiliro's lists
@ 2019-06-16 14:18 ` Jeff Bauer
2019-06-16 14:30 ` Jeff Bauer
1 sibling, 0 replies; 17+ messages in thread
From: Jeff Bauer @ 2019-06-16 14:18 UTC (permalink / raw)
To: Quiliro's lists; +Cc: help-guix
On Sat, Jun 15, 2019 at 07:27:57PM -0700, Quiliro's lists wrote:
> Regarding the EDITOR variable, if Guix is the installer of the needed
> editor it is the only situation when this regards to Guix.
>
> Would you please clarify your issue?
Issue clarified up-thread:
https://lists.gnu.org/archive/html/help-guix/2019-06/msg00140.html
Generally, assigning the environment variable EDITOR works
for visudo(*), but it appears /usr/bin/vi is hard-coded in
guix's visudo as it does not acknowledge EDITOR.
$ EDITOR=vim visudo ~/etc/guix/sudoers
visudo: no editor found (editor path = /usr/bin/vi)
David Larsson suggested using SUDO_EDITOR, however that
doesn't work either:
$ SUDO_EDITOR=vim visudo ~/etc/guix/sudoers
visudo: no editor found (editor path = /usr/bin/vi)
I'll still use visudo to check my local sudoers file on
the command line, though it's more challenging to remember
to check it (and the consequences of borking sudoers are
severe).
$ visudo --check -f ~/etc/guix/sudoers
~/etc/guix/sudoers: parsed OK
I'm guessing /usr/bin/vi has been hard coded into visudo
for security reasons, but it doesn't make sense if the
/usr/bin/vi editor doesn't exist on Guix System.
-Jeff
----
(*) Or at least it has on other system distros where nano
was the default editor.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-16 2:27 ` Quiliro's lists
2019-06-16 14:18 ` Jeff Bauer
@ 2019-06-16 14:30 ` Jeff Bauer
2019-06-16 23:08 ` Quiliro's lists
1 sibling, 1 reply; 17+ messages in thread
From: Jeff Bauer @ 2019-06-16 14:30 UTC (permalink / raw)
To: Quiliro's lists; +Cc: help-guix
On Sat, Jun 15, 2019 at 07:27:57PM -0700, Quiliro's lists wrote:
> Regarding the EDITOR variable, if Guix is the installer of the needed
> editor it is the only situation when this regards to Guix.
>
> Would you please clarify your issue?
Issue clarified up-thread:
https://lists.gnu.org/archive/html/help-guix/2019-06/msg00140.html
Generally, assigning the environment variable EDITOR works
for visudo(*), but it appears /usr/bin/vi is hard-coded in
guix's visudo as it does not acknowledge EDITOR.
$ EDITOR=vim visudo ~/etc/guix/sudoers
visudo: no editor found (editor path = /usr/bin/vi)
David Larsson suggested using SUDO_EDITOR, however that
doesn't work either:
$ SUDO_EDITOR=vim visudo ~/etc/guix/sudoers
visudo: no editor found (editor path = /usr/bin/vi)
I'll still use visudo to check my local sudoers file on
the command line, though it's more challenging to remember
to check it (and the consequences of borking sudoers are
severe).
$ visudo --check -f ~/etc/guix/sudoers
~/etc/guix/sudoers: parsed OK
I'm guessing /usr/bin/vi has been hard coded into visudo
for security reasons, but it doesn't make sense if the
/usr/bin/vi editor doesn't exist on Guix System.
-Jeff
----
(*) Or at least it has on other system distros where nano
was the default editor.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-16 14:30 ` Jeff Bauer
@ 2019-06-16 23:08 ` Quiliro's lists
2019-06-16 23:20 ` Jeff Bauer
0 siblings, 1 reply; 17+ messages in thread
From: Quiliro's lists @ 2019-06-16 23:08 UTC (permalink / raw)
To: help-guix
El 2019-06-16 09:30, Jeff Bauer escribió:
> On Sat, Jun 15, 2019 at 07:27:57PM -0700, Quiliro's lists wrote:
>> Regarding the EDITOR variable, if Guix is the installer of the needed
>> editor it is the only situation when this regards to Guix.
>>
>> Would you please clarify your issue?
>
> Issue clarified up-thread:
>
> https://lists.gnu.org/archive/html/help-guix/2019-06/msg00140.html
No you have not. It is not clear wether you are using Guix System
Distribution or another GNU distribution such as Debian.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-16 23:08 ` Quiliro's lists
@ 2019-06-16 23:20 ` Jeff Bauer
2019-06-17 7:17 ` Andreas Enge
2019-06-17 7:53 ` Hartmut Goebel
0 siblings, 2 replies; 17+ messages in thread
From: Jeff Bauer @ 2019-06-16 23:20 UTC (permalink / raw)
To: Quiliro's lists; +Cc: help-guix
On Sun, Jun 16, 2019 at 04:08:06PM -0700, Quiliro's lists wrote:
> El 2019-06-16 09:30, Jeff Bauer escribió:
> > On Sat, Jun 15, 2019 at 07:27:57PM -0700, Quiliro's lists wrote:
> >> Regarding the EDITOR variable, if Guix is the installer of the needed
> >> editor it is the only situation when this regards to Guix.
> >>
> >> Would you please clarify your issue?
> >
> > Issue clarified up-thread:
> >
> > https://lists.gnu.org/archive/html/help-guix/2019-06/msg00140.html
>
> No you have not. It is not clear wether you are using Guix System
> Distribution or another GNU distribution such as Debian.
Okay, to make it more clear: I was having a problem
trying to use visudo on a native Guix System. The
visudo packaged with the Guix System cannot actually
edit a sudoers file because it relies on /usr/bin/vi,
but it can be used as a command line validation checker.
-Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-16 23:20 ` Jeff Bauer
@ 2019-06-17 7:17 ` Andreas Enge
2019-06-17 14:34 ` Quiliro's lists
2019-06-17 7:53 ` Hartmut Goebel
1 sibling, 1 reply; 17+ messages in thread
From: Andreas Enge @ 2019-06-17 7:17 UTC (permalink / raw)
To: Jeff Bauer; +Cc: help-guix, Quiliro's lists
Hello,
On Sun, Jun 16, 2019 at 06:20:54PM -0500, Jeff Bauer wrote:
> Okay, to make it more clear: I was having a problem
> trying to use visudo on a native Guix System. The
> visudo packaged with the Guix System cannot actually
> edit a sudoers file because it relies on /usr/bin/vi,
> but it can be used as a command line validation checker.
maybe my reply is off-topic and does not solve your problem, but to just
give sudoer capabilities to a user, it is enough to add them to the "wheel"
group in the system declaration, with something like:
(operating-system
(users (cons* (user-account
(name "andreas")
(comment "Andreas Enge")
(group "users")
(supplementary-groups '("wheel"))
(home-directory "/home/andreas"))
%base-user-accounts))
...
This is in line with the principle that "global" files should not be edited,
but instead be declared in some way in the operating system definition.
For more sophisticated uses, the file could be declared in the operating
system definition, I suppose, but I have no experience with this.
Andreas
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-16 23:20 ` Jeff Bauer
2019-06-17 7:17 ` Andreas Enge
@ 2019-06-17 7:53 ` Hartmut Goebel
2019-06-17 15:48 ` Jeff Bauer
1 sibling, 1 reply; 17+ messages in thread
From: Hartmut Goebel @ 2019-06-17 7:53 UTC (permalink / raw)
To: help-guix
Am 17.06.19 um 01:20 schrieb Jeff Bauer:
> Okay, to make it more clear: I was having a problem
> trying to use visudo on a native Guix System. The
> visudo packaged with the Guix System cannot actually
> edit a sudoers file because it relies on /usr/bin/vi,
Try
VISUAL=/path/tp/my/editor visudo
See the man-page for details
--
Regards
Hartmut Goebel
| Hartmut Goebel | h.goebel@crazy-compilers.com |
| www.crazy-compilers.com | compilers which you thought are impossible |
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-17 7:17 ` Andreas Enge
@ 2019-06-17 14:34 ` Quiliro's lists
2019-06-17 15:44 ` Jeff Bauer
0 siblings, 1 reply; 17+ messages in thread
From: Quiliro's lists @ 2019-06-17 14:34 UTC (permalink / raw)
To: help-guix
El 2019-06-17 02:17, Andreas Enge escribió:
> Hello,
>
> On Sun, Jun 16, 2019 at 06:20:54PM -0500, Jeff Bauer wrote:
>> Okay, to make it more clear: I was having a problem
>> trying to use visudo on a native Guix System. The
>> visudo packaged with the Guix System cannot actually
>> edit a sudoers file because it relies on /usr/bin/vi,
>> but it can be used as a command line validation checker.
>
> maybe my reply is off-topic and does not solve your problem, but to just
> give sudoer capabilities to a user, it is enough to add them to the "wheel"
> group in the system declaration, with something like:
>
> (operating-system
> (users (cons* (user-account
> (name "andreas")
> (comment "Andreas Enge")
> (group "users")
> (supplementary-groups '("wheel"))
> (home-directory "/home/andreas"))
> %base-user-accounts))
> ...
>
> This is in line with the principle that "global" files should not be edited,
> but instead be declared in some way in the operating system definition.
>
> For more sophisticated uses, the file could be declared in the operating
> system definition, I suppose, but I have no experience with this.
>
> Andreas
Exactly: if you are using GuixSD, you do not use visudo; you use what
Andreas proposes. If you are using just Guix, then you use visudo from
the distro you are on.
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-17 14:34 ` Quiliro's lists
@ 2019-06-17 15:44 ` Jeff Bauer
2019-06-17 17:03 ` John Soo
0 siblings, 1 reply; 17+ messages in thread
From: Jeff Bauer @ 2019-06-17 15:44 UTC (permalink / raw)
To: Quiliro's lists; +Cc: help-guix
On Mon, Jun 17, 2019 at 07:34:46AM -0700, Quiliro's lists wrote:
> El 2019-06-17 02:17, Andreas Enge escribió:
> > maybe my reply is off-topic and does not solve your problem, but to just
> > give sudoer capabilities to a user, it is enough to add them to the "wheel"
> > group in the system declaration, with something like:
> >
> > (operating-system
> > (users (cons* (user-account
> > (name "andreas")
> > (comment "Andreas Enge")
> > (group "users")
> > (supplementary-groups '("wheel"))
> > (home-directory "/home/andreas"))
> > %base-user-accounts))
> > ...
> >
> > This is in line with the principle that "global" files should not be edited,
> > but instead be declared in some way in the operating system definition.
> >
> > For more sophisticated uses, the file could be declared in the operating
> > system definition, I suppose, but I have no experience with this.
> >
> > Andreas
>
> Exactly: if you are using GuixSD, you do not use visudo; you use what
> Andreas proposes. If you are using just Guix, then you use visudo from
> the distro you are on.
My needs go beyond adding a user to the wheel group. I want
specific programs to run without a sudo password challenge,
so editing my local copy of sudoers is necessary. I'm now
using guix visudo as a command-line validation tool to
ensure that sudoers isn't borked -- which is it's primary
purpose.
-Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-17 7:53 ` Hartmut Goebel
@ 2019-06-17 15:48 ` Jeff Bauer
0 siblings, 0 replies; 17+ messages in thread
From: Jeff Bauer @ 2019-06-17 15:48 UTC (permalink / raw)
To: Hartmut Goebel; +Cc: help-guix
On Mon, Jun 17, 2019 at 09:53:46AM +0200, Hartmut Goebel wrote:
> Try
>
> VISUAL=/path/tp/my/editor visudo
>
> See the man-page for details
Nope, same error:
$ VISUAL=~/.guix-profile/bin/vim visudo -f ~/etc/guix/config.scm
visudo: no editor found (editor path = /usr/bin/vi)
It appears /usr/bin/vi is hard-coded into the guix version
of visudo. EDITOR or VISUAL works for me on non-guix systems.
-Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-17 15:44 ` Jeff Bauer
@ 2019-06-17 17:03 ` John Soo
2019-06-17 18:02 ` Jeff Bauer
0 siblings, 1 reply; 17+ messages in thread
From: John Soo @ 2019-06-17 17:03 UTC (permalink / raw)
To: Jeff Bauer; +Cc: help-guix, Quiliro's lists
Hi Jeff,
Sorry this is so confusing. Let me know if I’m missed something since I’ve been half-following this thread. I think what you may want to do is use the sudoers-file field when specifying your operating system rather than using visudo to edit the file. This way you will have persistent and declarative specification for the sudoers file. The sudoers-file field allows you to place an arbitrary file-like object in it, so you can put whatever you want to add using visudo there and it will work the same. Check the manual for reference: https://www.gnu.org/software/guix/manual/en/html_node/operating_002dsystem-Reference.html#operating_002dsystem-Reference
Hope that helps,
John
> On Jun 17, 2019, at 8:44 AM, Jeff Bauer <jeffrubic@gmail.com> wrote:
>
>> On Mon, Jun 17, 2019 at 07:34:46AM -0700, Quiliro's lists wrote:
>> El 2019-06-17 02:17, Andreas Enge escribió:
>>> maybe my reply is off-topic and does not solve your problem, but to just
>>> give sudoer capabilities to a user, it is enough to add them to the "wheel"
>>> group in the system declaration, with something like:
>>>
>>> (operating-system
>>> (users (cons* (user-account
>>> (name "andreas")
>>> (comment "Andreas Enge")
>>> (group "users")
>>> (supplementary-groups '("wheel"))
>>> (home-directory "/home/andreas"))
>>> %base-user-accounts))
>>> ...
>>>
>>> This is in line with the principle that "global" files should not be edited,
>>> but instead be declared in some way in the operating system definition.
>>>
>>> For more sophisticated uses, the file could be declared in the operating
>>> system definition, I suppose, but I have no experience with this.
>>>
>>> Andreas
>>
>> Exactly: if you are using GuixSD, you do not use visudo; you use what
>> Andreas proposes. If you are using just Guix, then you use visudo from
>> the distro you are on.
>
> My needs go beyond adding a user to the wheel group. I want
> specific programs to run without a sudo password challenge,
> so editing my local copy of sudoers is necessary. I'm now
> using guix visudo as a command-line validation tool to
> ensure that sudoers isn't borked -- which is it's primary
> purpose.
>
> -Jeff
>
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-17 17:03 ` John Soo
@ 2019-06-17 18:02 ` Jeff Bauer
2019-06-17 20:16 ` John Soo
0 siblings, 1 reply; 17+ messages in thread
From: Jeff Bauer @ 2019-06-17 18:02 UTC (permalink / raw)
To: John Soo; +Cc: help-guix, Quiliro's lists
On Mon, Jun 17, 2019 at 10:03:20AM -0700, John Soo wrote:
> Sorry this is so confusing. Let me know if I’m missed something since
> I’ve been half-following this thread. I think what you may want to do
> is use the sudoers-file field when specifying your operating system
> rather than using visudo to edit the file. This way you will have
> persistent and declarative specification for the sudoers file. The
> sudoers-file field allows you to place an arbitrary file-like object in
> it, so you can put whatever you want to add using visudo there and it
> will work the same. Check the manual for
> reference: [1]https://www.gnu.org/software/guix/manual/en/html_node/ope
> rating_002dsystem-Reference.html#operating_002dsystem-Reference
John,
Correct, I got my local sudoers working a few
days ago, so there's no longer any confusion on
my end (but thanks for your reply).
However, guix's visudo should probably be patched
to allow editing of a *local* ~/etc/sudoers file,
which currently won't work because /usr/bin/vi
appears to be hard-coded.
-Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
* Re: editing /etc/sudoers
2019-06-17 18:02 ` Jeff Bauer
@ 2019-06-17 20:16 ` John Soo
0 siblings, 0 replies; 17+ messages in thread
From: John Soo @ 2019-06-17 20:16 UTC (permalink / raw)
To: Jeff Bauer; +Cc: help-guix, Quiliro's lists
Thanks Jeff,
Sounds good. Do you think this thread is effectively solved, then? You might consider opening a bug report for visudo.
- John
> On Jun 17, 2019, at 11:02 AM, Jeff Bauer <jeffrubic@gmail.com> wrote:
>
>> On Mon, Jun 17, 2019 at 10:03:20AM -0700, John Soo wrote:
>> Sorry this is so confusing. Let me know if I’m missed something since
>> I’ve been half-following this thread. I think what you may want to do
>> is use the sudoers-file field when specifying your operating system
>> rather than using visudo to edit the file. This way you will have
>> persistent and declarative specification for the sudoers file. The
>> sudoers-file field allows you to place an arbitrary file-like object in
>> it, so you can put whatever you want to add using visudo there and it
>> will work the same. Check the manual for
>> reference: [1]https://www.gnu.org/software/guix/manual/en/html_node/ope
>> rating_002dsystem-Reference.html#operating_002dsystem-Reference
>
> John,
>
> Correct, I got my local sudoers working a few
> days ago, so there's no longer any confusion on
> my end (but thanks for your reply).
>
> However, guix's visudo should probably be patched
> to allow editing of a *local* ~/etc/sudoers file,
> which currently won't work because /usr/bin/vi
> appears to be hard-coded.
>
> -Jeff
^ permalink raw reply [flat|nested] 17+ messages in thread
end of thread, other threads:[~2019-06-17 20:16 UTC | newest]
Thread overview: 17+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-06-14 11:55 editing /etc/sudoers Jeff Bauer
2019-06-14 13:16 ` David Larsson
2019-06-14 13:21 ` Tobias Geerinckx-Rice
2019-06-14 13:58 ` Jeff Bauer
2019-06-16 2:27 ` Quiliro's lists
2019-06-16 14:18 ` Jeff Bauer
2019-06-16 14:30 ` Jeff Bauer
2019-06-16 23:08 ` Quiliro's lists
2019-06-16 23:20 ` Jeff Bauer
2019-06-17 7:17 ` Andreas Enge
2019-06-17 14:34 ` Quiliro's lists
2019-06-17 15:44 ` Jeff Bauer
2019-06-17 17:03 ` John Soo
2019-06-17 18:02 ` Jeff Bauer
2019-06-17 20:16 ` John Soo
2019-06-17 7:53 ` Hartmut Goebel
2019-06-17 15:48 ` Jeff Bauer
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.