public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download: 
* Re: [gentoo-user] Update to /etc/sudoers disables wheel users!!!
  @ 2022-10-26  3:34 99%     ` Ramon Fischer
  0 siblings, 0 replies; 1+ results
From: Ramon Fischer @ 2022-10-26  3:34 UTC (permalink / raw
  To: gentoo-user


[-- Attachment #1.1.1: Type: text/plain, Size: 2008 bytes --]

Hello Grant,

generelly, I totally agree with you! Freedom of changing files 
everywhere is what makes Gentoo a good, user-suited Linux distribution.

But changing *default files* comes with the risk, that a package update 
will overwrite it.

Therefore "[...].d/" directories were "invented", where "d" is an 
abbreviation for "directory" as far as I remember. This is supposed to 
be the playground for users.

Of course including external files come with risks, but how do you want 
to balance usability and security? It is difficult to answer this for me 
as well.
-Ramon

On 26/10/2022 05:15, Grant Taylor wrote:
> On 10/25/22 9:04 PM, Ramon Fischer wrote:
>> I do not think, that this is a bug, since it is the default file, 
>> which should not be edited by the user.
>
> I *STRONGLY* /OBJECT/ to the notion that users should not edit 
> configuration files.
>
> By design, that's the very purpose of the configuration file, for 
> users to edit them to be what they want them to be.
>
> The concept of "don't edit configuration files" seems diametrically 
> opposed to the idea of Gentoo as I understand it. Namely, /you/ build 
> /your/ system to behave the way that /you/ want it to.
>
>> All changes should be done in "/etc/sudoers.d/" to avoid such cases.
>
> Then why in the world does the /default/ file, as installed by Gentoo, 
> include directions to edit the the file?!?!?!
>
> Aside:  Someone recently posted a comment to the sudo users mailing 
> list (exact name escapes me) wherein their security policy prohibited 
> @includedir explicitly because of the capability that adding a file to 
> such included directories inherently enabled sudo access -or- caused 
> sudo to fail secure and perform a Denial of Service.  They were 
> required to use individual @include directives.
>
> IMHO telling a Gentoo user not to modify a file in /etc takes hutzpah.
>
>
>

-- 
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 8969 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]

^ permalink raw reply	[relevance 99%]

Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2022-10-26  2:34     [gentoo-user] Update to /etc/sudoers disables wheel users!!! Walter Dnes
2022-10-26  3:04     ` Ramon Fischer
2022-10-26  3:15       ` Grant Taylor
2022-10-26  3:34 99%     ` Ramon Fischer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox