[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: visudo with Emacs
From: |
Sven Joachim |
Subject: |
Re: visudo with Emacs |
Date: |
Mon, 20 Jun 2011 19:52:45 +0200 |
User-agent: |
Gnus/5.110017 (No Gnus v0.17) Emacs/23.3.50 (gnu/linux) |
On 2011-06-20 07:55 +0200, MON KEY wrote:
> Still, it seems there may be corner cases where the backup might not
> be entirely sanitary. I'm still curious though about what happens to
> the inode (and corresponding metadata) around /etc/sudoers.tmp~ e.g.:
>
> root> ls -ldZ /etc/sudoers.tmp~
> -rw-------. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers.tmp~
The permissions are not what sudo expects (unless you have configured it
--with-sudoers-mode 600), and security context can only be preserved if
both visudo and Emacs support selinux.
>>> Restoring from /etc/sudoers.tmp~ would amount to restoring from the
>>> lock file not /etc/sudoers !
The recommended way to restore is to run visudo again and restore
sudoers.tmp within the editor. Otherwise you risk shooting yourself in
the foot, like you do when editing /etc/sudoers directly.
Cheers,
Sven