bug#34005: [PATCH] system: Add sudoedit to %setuid-programs.

[Ludovic Courtès]

Hello,

Meiyo Peng <address@hidden> skribis:

>> Ludovic Courtès writes:

[...]

>>> The problem I see is that on GuixSD /etc/sudoers is not supposed to be
>>> edited directly.  Instead, users are expected to specify ‘sudoers-file’
>>> in their OS config, which generates a read-only /etc/sudoers.
>>>
>>> Whatever changes you make manually to that file are lost upon reboot or
>>> reconfiguration.
>>>
>>> Thus I feel like we should discourage ‘sudo -e’, ’sudoedit’, and
>>> ‘visudo’ altogether.
>>>
>>> WDYT?
>>
>> I agree we should discourage users to edit files in /etc that are
>> managed by guix.  These files will be overridden upon `guix system
>> reconfigure`, so user's modification will be lost.  They should change
>> these files in the guix way by using config.scm.
>>
>> However, sudoedit can also be used to edit files in /media, /mnt, /opt,
>> /srv and /var.  These files require root priviledge to edit and they are
>> not managed by guix.  This is the main reason we need sudoedit.
>>
>> Oh, I also use sudoedit to edit /etc/config.scm.
>>
>> So, WDYT?
>
> I think you have confused sudoedit with visudo.  visudo is used to edit
> /etc/sudoers and it can only edit that file.  But sudoedit is use to
> edit any file that requires root priviledge.

Oh indeed, I wrongfully assumed that ‘sudoedit’ is synonymous with
‘visudo’—thanks for explaining!

> It's a good habit for sysadmins to edit files with `sudoedit
> /path/to/file` rather than `sudo editor /path/to/file`.  sudoedit can
> respect my $EDITOR, which is emacsclient, and connect to my Emacs
> server.  So I can edit files in my familiar Emacs environment.  This is
> much better than `sudo emacs /path/to/file`, which starts a vanilla
> emacs.

OK, got it.  Applied, thanks, and sorry for the confusion!

Ludo’.