help-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: editing /etc/sudoers


From: John Soo
Subject: Re: editing /etc/sudoers
Date: Mon, 17 Jun 2019 10:03:20 -0700

Hi Jeff,

Sorry this is so confusing. Let me know if I’m missed something since I’ve been 
half-following this thread. I think what you may want to do is use the 
sudoers-file field when specifying your operating system rather than using 
visudo to edit the file. This way you will have persistent and declarative 
specification for the sudoers file. The sudoers-file field allows you to place 
an arbitrary file-like object in it, so you can put whatever you want to add 
using visudo there and it will work the same. Check the manual for reference: 
https://www.gnu.org/software/guix/manual/en/html_node/operating_002dsystem-Reference.html#operating_002dsystem-Reference

Hope that helps,

John

> On Jun 17, 2019, at 8:44 AM, Jeff Bauer <address@hidden> wrote:
> 
>> On Mon, Jun 17, 2019 at 07:34:46AM -0700, Quiliro's lists wrote:
>> El 2019-06-17 02:17, Andreas Enge escribió:
>>> maybe my reply is off-topic and does not solve your problem, but to just
>>> give sudoer capabilities to a user, it is enough to add them to the "wheel"
>>> group in the system declaration, with something like:
>>> 
>>> (operating-system
>>>  (users (cons* (user-account
>>>                 (name "andreas")
>>>                 (comment "Andreas Enge")
>>>                 (group "users")
>>>                 (supplementary-groups '("wheel"))
>>>                 (home-directory "/home/andreas"))
>>>                %base-user-accounts))
>>>  ...
>>> 
>>> This is in line with the principle that "global" files should not be edited,
>>> but instead be declared in some way in the operating system definition.
>>> 
>>> For more sophisticated uses, the file could be declared in the operating
>>> system definition, I suppose, but I have no experience with this.
>>> 
>>> Andreas
>> 
>> Exactly: if you are using GuixSD, you do not use visudo; you use what
>> Andreas proposes. If you are using just Guix, then you use visudo from
>> the distro you are on.
> 
> My needs go beyond adding a user to the wheel group.  I want
> specific programs to run without a sudo password challenge,
> so editing my local copy of sudoers is necessary.  I'm now
> using guix visudo as a command-line validation tool to
> ensure that sudoers isn't borked -- which is it's primary
> purpose.
> 
> -Jeff
> 


reply via email to

[Prev in Thread] Current Thread [Next in Thread]