Re: visudo with Emacs

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: visudo with Emacs

From:	Sven Joachim
Subject:	Re: visudo with Emacs
Date:	Mon, 20 Jun 2011 19:52:45 +0200
User-agent:	Gnus/5.110017 (No Gnus v0.17) Emacs/23.3.50 (gnu/linux)

On 2011-06-20 07:55 +0200, MON KEY wrote:

> Still, it seems there may be corner cases where the backup might not
> be entirely sanitary.  I'm still curious though about what happens to
> the inode (and corresponding metadata) around /etc/sudoers.tmp~ e.g.:
>
> root> ls -ldZ /etc/sudoers.tmp~
>  -rw-------. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers.tmp~

The permissions are not what sudo expects (unless you have configured it
--with-sudoers-mode 600), and security context can only be preserved if
both visudo and Emacs support selinux.

>>> Restoring from /etc/sudoers.tmp~ would amount to restoring from the
>>> lock file not /etc/sudoers !

The recommended way to restore is to run visudo again and restore
sudoers.tmp within the editor.  Otherwise you risk shooting yourself in
the foot, like you do when editing /etc/sudoers directly.

Cheers,
       Sven

[Prev in Thread]

Current Thread

[Next in Thread]

visudo with Emacs, MON KEY, 2011/06/18
- Re: visudo with Emacs, Eli Zaretskii, 2011/06/18
  - Re: visudo with Emacs, MON KEY, 2011/06/19
    - Re: visudo with Emacs, Sven Joachim, 2011/06/19
    - Re: visudo with Emacs, MON KEY, 2011/06/20
    - Re: visudo with Emacs, Sven Joachim <=

Prev by Date: emacs-20110620 windows binaries
Next by Date: Re: [Emacs-diffs] /srv/bzr/emacs/trunk r104642: * src/process.c (Fset_process_buffer): Clarify return value in docstring.
Previous by thread: Re: visudo with Emacs
Next by thread: New mode for cmd.exe script files (i.e., "batch files"): include in Emacs?
Index(es):
- Date
- Thread