
Re: /etc/alternatives feedback for presentation

On 13 Aug 2018, Greg Wooledge chattered thus:

Hi,

On Sat, Aug 11, 2018 at 05:28:37PM -0500, Ryan Nowakowski wrote:
For example if I set the EDITOR env var how does
that interact with update-alternatives when I run visudo?

The VISUAL or EDITOR variable takes precedence, if one of them is set.
If neither one is set, then visudo uses its compiled-in default, which
on Debian happens to be '/usr/bin/editor'.

More than one way...

The problem is that sometimes, sudo will strip environment variables,
and sometimes, it will not.  So, on any given computer with any given
sudoers configuration, you can't actually know in advance whether
"sudo visudo" will use VISUAL/EDITOR or not.

Will this preserve the variables you want?

                 Indicates to the security policy that the user wishes to
                 the comma-separated list of environment variables to
                 preserved from the user's environment.  The security
                 may return an error if the user does not have permission
                 preserve the environment.

Isn't Unix *fun*?

Yup :)

Of course, if you simply use "su", then VISUAL/EDITOR will be preserved
in the environment (because "su" does not strip environment variables),
so "su" followed by "visudo" should work fine.

But, wait!  Debian has decided to CHANGE HOW SU WORKS in testing, so
after stretch, who knows how things will work?!

I didn't realize su is changing. What's the change?

Some people claim you should muscle-memorize "su -" which strips the
environment in order to give you a usable PATH variable.  If you follow
THIS advice, then "su -" will strip VISUAL/EDITOR from the environment,
and then your VISUAL/EDITOR variables won't work when you type visudo.
So, I can't imagine why you would want to do that.  Losing all your
quality-of-life environment variables is far too high a price to pay to
get a working PATH variable after su.

The other alternatives are:

1) Stay on stretch.
2) Edit /etc/login.defs to restore a functional su command (without needing
  to use "su -").
3) Put /usr/sbin and /sbin in your ordinary account's PATH.

That's what I do. At this point anyone who has the knowledge and desire to
use the shell also knows how to update PATH, no need to give them a
half-baked environment.




#  https://www.LuftHans.com   https://www.PhxLinux.org
#  "I guess I should've agreed with my boss more often. Today I was replaced
#  by a bobblehead doll!" -- Randy Glasbergen, 13Mar2006
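
Added example, not part of the thread or of sudo itself: a small Python model of the point discussed above, that whether "sudo visudo" sees VISUAL/EDITOR depends on the sudoers configuration. It reads only global Defaults lines from constructed sudoers fragments; the function names, the sample fragments, the VISUAL-before-EDITOR order, and the assumption that sudo's built-in keep/delete lists do not mention EDITOR or VISUAL are all assumptions of this sketch.

```python
import fnmatch
import re

# Constructed sudoers fragments for illustration (not from the thread).
STRIPS = 'Defaults env_reset\nDefaults secure_path="/usr/sbin:/usr/bin"\n'
KEEPS = 'Defaults env_reset\nDefaults env_keep += "EDITOR VISUAL"\n'
NO_RESET = 'Defaults !env_reset, env_delete += "EDITOR"\n'

# One setting inside a Defaults line: [!]name [ (=|+=|-=) value ]
SETTING = re.compile(r'(!?)(\w+)\s*(?:([+-]?=)\s*("[^"]*"|[^,\s]+))?')

def survives_sudo(sudoers_text, var):
    """True if `var` would pass through sudo under these global Defaults."""
    env_reset = True                      # sudoers resets the environment by default
    # Assumption: sudo's built-in keep/delete lists are not modelled here.
    lists = {"env_keep": [], "env_delete": []}
    for raw in sudoers_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if len(fields) < 2 or fields[0] != "Defaults":
            continue                      # skip rules and scoped Defaults:user etc.
        for neg, name, op, value in SETTING.findall(fields[1]):
            if name == "env_reset":
                env_reset = not neg
            elif name in lists:
                items = (value or "").strip('"').split()
                if neg or op == "=":
                    lists[name] = [] if neg else items
                elif op == "+=":
                    lists[name] += items
                elif op == "-=":
                    lists[name] = [i for i in lists[name] if i not in items]
    active = lists["env_keep"] if env_reset else lists["env_delete"]
    listed = any(fnmatch.fnmatchcase(var, pat) for pat in active)
    return listed if env_reset else not listed

def visudo_editor(user_env, sudoers_text):
    """Editor visudo ends up with after `sudo visudo`, in this model."""
    for var in ("VISUAL", "EDITOR"):      # order is an assumption of this sketch
        if user_env.get(var) and survives_sudo(sudoers_text, var):
            return user_env[var]
    return "/usr/bin/editor"              # Debian's compiled-in default, per the thread

if __name__ == "__main__":
    env = {"EDITOR": "/usr/bin/vim"}      # constructed user environment
    for label, text in (("strips", STRIPS), ("keeps", KEEPS), ("no reset", NO_RESET)):
        print(label, "->", visudo_editor(env, text))
```

On a real machine the authoritative answer comes from sudo itself, since scoped Defaults entries and included files also apply.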
