Subject: Re: [gentoo-user] Update to /etc/sudoers disables wheel users!!!
To: gentoo-user@lists.gentoo.org
From: Grant Taylor
Organization: TNet Consulting
Message-ID: <7b461fc5-25fa-f07b-aedf-ea538c424bb5@spamtrap.tnetconsulting.net>
Date: Tue, 25 Oct 2022 21:15:12 -0600

On 10/25/22 9:04 PM, Ramon Fischer wrote:
> I do not think, that this is a bug, since it is the default file, which
> should not be edited by the user.

I *STRONGLY* /OBJECT/ to the notion that users should not edit
configuration files. By design, that's the very purpose of the
configuration file, for users to edit them to be what they want them to be.

The concept of "don't edit configuration files" seems diametrically
opposed to the idea of Gentoo as I understand it. Namely, /you/ build
/your/ system to behave the way that /you/ want it to.

> All changes should be done in "/etc/sudoers.d/" to avoid such cases.

Then why in the world does the /default/ file, as installed by Gentoo,
include directions to edit the file?!?!?!

Aside: Someone recently posted a comment to the sudo users mailing list
(exact name escapes me) wherein their security policy prohibited
@includedir explicitly because of the capability that adding a file to
such included directories inherently enabled sudo access -or- caused
sudo to fail secure and perform a Denial of Service. They were required
to use individual @include directives.

IMHO telling a Gentoo user not to modify a file in /etc takes hutzpah.

-- 
Grant. . . .
unix || die
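
The policy mentioned in the aside (no @includedir, only individual @include directives) can be checked mechanically. The following is an added example, not part of the message above or of sudo itself; the function names, the sample sudoers text and the directory listing are constructed, and paths are assumed to be unquoted and free of spaces.

```python
import re

# Matches the legacy "#includedir" and the newer "@includedir" spelling.
# "# includedir" (with a space) is an ordinary comment and is not matched.
INCLUDEDIR_RE = re.compile(r'^\s*[#@]includedir\s+(\S+)\s*$')


def is_loaded_by_sudo(name):
    """sudo skips files in an included directory whose names end in '~'
    or contain a '.', so only the remaining names are actually parsed."""
    return not name.endswith('~') and '.' not in name


def audit_sudoers(text, dir_listing):
    """Flag every includedir directive and pin it to explicit includes.

    dir_listing maps a directory path to the file names inside it; it stands
    in for os.listdir() so the example runs offline (assumption).
    Returns (findings, rewritten_text), where each finding is
    (line_number, directory, files_sudo_would_load).
    """
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = INCLUDEDIR_RE.match(line)
        if not m:
            out.append(line)
            continue
        directory = m.group(1).rstrip('/')
        loaded = sorted(n for n in dir_listing.get(directory, [])
                        if is_loaded_by_sudo(n))
        findings.append((lineno, directory, loaded))
        # One explicit @include per file: a file dropped into the directory
        # later is no longer picked up without an edit to this policy file.
        out.extend(f'@include {directory}/{n}' for n in loaded)
    return findings, '\n'.join(out) + '\n'


# Constructed sample input, not taken from any real system.
SAMPLE_SUDOERS = """\
root ALL=(ALL:ALL) ALL
%wheel ALL=(ALL:ALL) ALL
@includedir /etc/sudoers.d
"""
SAMPLE_LISTING = {
    '/etc/sudoers.d': ['10-admins', 'backup.conf', '20-deploy', '20-deploy~'],
}

if __name__ == '__main__':
    found, rewritten = audit_sudoers(SAMPLE_SUDOERS, SAMPLE_LISTING)
    for lineno, directory, files in found:
        print(f'line {lineno}: includedir {directory} currently loads {files}')
    print(rewritten, end='')
```

Any rewritten policy should still be validated with `visudo -c -f <file>` before it replaces the live one.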