Comments on: Give users specific access with sudo http://www.ghacks.net/2009/06/24/give-users-specific-access-with-sudo/ A technology blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Wed, 25 Nov 2009 11:58:24 -0600 http://wordpress.org/?v=2.8.6 hourly 1 By: Give users specific access with sudo - Computer Forums http://www.ghacks.net/2009/06/24/give-users-specific-access-with-sudo/#comment-837543 Give users specific access with sudo - Computer Forums Thu, 25 Jun 2009 12:28:31 +0000 http://www.ghacks.net/?p=13835#comment-837543 [...] [...] [...] [...]

]]> By: thebillywayne http://www.ghacks.net/2009/06/24/give-users-specific-access-with-sudo/#comment-837532 thebillywayne Thu, 25 Jun 2009 12:16:54 +0000 http://www.ghacks.net/?p=13835#comment-837532 Me? Hate on nano? Never. It's just that every sudoers file I've ever read has the following line: # This file MUST be edited with the 'visudo' command as root. But it turns out that I'm wrong. `visudo` has the ability invoke whatever editor you have stored in your $EDITOR variable. from the man page, env_editor If set, visudo will use the value of the EDITOR or VISUAL environment vari- ables before falling back on the default editor list. Note that this may create a security hole as it allows the user to run any arbitrary command as root without logging. A safer alternative is to place a colon-separated list of editors in the editor variable. visudo will then only use the EDITOR or VISUAL if they match a value specified in editor. This flag is on by default. So you can use any editor you like. But you still *have* to use the `visudo` command. So ... export EDITOR=nano sudo visudo nano works fine. However, I have it on good authority that every time someone uses emacs, a puppy somewhere gets shot. Harsh. But true. Me? Hate on nano? Never.

It’s just that every sudoers file I’ve ever read has the following line:
# This file MUST be edited with the ‘visudo’ command as root.

But it turns out that I’m wrong. `visudo` has the ability invoke whatever editor you have stored in your $EDITOR variable.

from the man page,

env_editor
If set, visudo will use the value of the EDITOR or VISUAL environment vari-
ables before falling back on the default editor list. Note that this may
create a security hole as it allows the user to run any arbitrary command as
root without logging. A safer alternative is to place a colon-separated list
of editors in the editor variable. visudo will then only use the EDITOR or
VISUAL if they match a value specified in editor. This flag is on by
default.

So you can use any editor you like. But you still *have* to use the `visudo` command.

So …

export EDITOR=nano
sudo visudo

nano works fine. However, I have it on good authority that every time someone uses emacs, a puppy somewhere gets shot. Harsh. But true.

]]> By: Jack Wallen http://www.ghacks.net/2009/06/24/give-users-specific-access-with-sudo/#comment-837056 Jack Wallen Wed, 24 Jun 2009 21:35:43 +0000 http://www.ghacks.net/?p=13835#comment-837056 Billy: Are you hating on nano? ;-) I bet if I said to edit it with emacs a war would start. Billy: Are you hating on nano? ;-) I bet if I said to edit it with emacs a war would start.

]]> By: Billy Wayne http://www.ghacks.net/2009/06/24/give-users-specific-access-with-sudo/#comment-837047 Billy Wayne Wed, 24 Jun 2009 21:23:44 +0000 http://www.ghacks.net/?p=13835#comment-837047 Oh no! You *have* to edit sudoers with `visudo` and nothing else!! sudo visudo you have to learn some basic vi keystrokes but that's better than fubar'ing sudoers! Oh no! You *have* to edit sudoers with `visudo` and nothing else!! sudo visudo

you have to learn some basic vi keystrokes but that’s better than fubar’ing sudoers!

]]>