From: Ramon Fischer <Ramon_Fischer@hotmail.de>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Update to /etc/sudoers disables wheel users!!!
Date: Wed, 26 Oct 2022 05:34:22 +0200
Message-ID: <AM6PR10MB2440D12EC2F89BAAAC6AA189EF309@AM6PR10MB2440.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <7b461fc5-25fa-f07b-aedf-ea538c424bb5@spamtrap.tnetconsulting.net>

Hello Grant,

Generally, I totally agree with you! Freedom of changing files 
everywhere is what makes Gentoo a good, user-suited Linux distribution.

But changing *default files* comes with the risk that a package update 
will overwrite them.

Therefore "[...].d/" directories were "invented", where "d" is an 
abbreviation for "directory" as far as I remember. This is supposed to 
be the playground for users.

Of course, including external files comes with risks, but how do you want 
to balance usability and security? It is difficult to answer this for me 
as well.
-Ramon

On 26/10/2022 05:15, Grant Taylor wrote:
> On 10/25/22 9:04 PM, Ramon Fischer wrote:
>> I do not think that this is a bug, since it is the default file, 
>> which should not be edited by the user.
>
> I *STRONGLY* /OBJECT/ to the notion that users should not edit 
> configuration files.
>
> By design, that's the very purpose of the configuration file, for 
> users to edit them to be what they want them to be.
>
> The concept of "don't edit configuration files" seems diametrically 
> opposed to the idea of Gentoo as I understand it. Namely, /you/ build 
> /your/ system to behave the way that /you/ want it to.
>
>> All changes should be done in "/etc/sudoers.d/" to avoid such cases.
>
> Then why in the world does the /default/ file, as installed by Gentoo, 
> include directions to edit the file?!?!?!
>
> Aside:  Someone recently posted a comment to the sudo users mailing 
> list (exact name escapes me) wherein their security policy prohibited 
> @includedir explicitly because of the capability that adding a file to 
> such included directories inherently enabled sudo access -or- caused 
> sudo to fail secure and perform a Denial of Service.  They were 
> required to use individual @include directives.
>
> IMHO telling a Gentoo user not to modify a file in /etc takes hutzpah.
>
>
>

-- 
GPG public key: 5983 98DA 5F4D A464 38FD CF87 155B E264 13E6 99BF
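
Added example (not part of the original message, and not code from sudo or Gentoo): a small audit of an @includedir directory such as "/etc/sudoers.d/", covering the risk raised in the quoted aside that any file placed there takes effect or is silently ignored. The function names and the sample files are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of sudo.
# Usage: audit_sudoers_dropins DIR [OWNER]   (OWNER defaults to root)
# Prints one "<FINDING> <path>" line per problem and always returns 0.
audit_sudoers_dropins() {
    dir=$1
    owner=${2:-root}
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue          # unmatched globs, directories
        name=${f##*/}
        case $name in
            *~|*.*)
                # @includedir skips names ending in '~' or containing '.',
                # so rules in such a file are never applied.
                echo "SKIPPED $f"
                continue ;;
        esac
        # sudoers files are expected to be owned by root and not writable
        # by group or others (0440 is the usual mode).
        if [ -n "$(find -L "$f" -prune ! -user "$owner")" ]; then
            echo "BAD_OWNER $f"
        fi
        if [ -n "$(find -L "$f" -prune -perm -020)" ]; then
            echo "GROUP_WRITABLE $f"
        fi
        if [ -n "$(find -L "$f" -prune -perm -002)" ]; then
            echo "WORLD_WRITABLE $f"
        fi
    done
    return 0
}

# Build a constructed sample directory and print its path.
make_sample_dropins() {
    d=$(mktemp -d) || return 1
    printf '%%wheel ALL=(ALL:ALL) ALL\n' > "$d/10-wheel"   # constructed rule
    chmod 0440 "$d/10-wheel"
    : > "$d/wheel.conf"      # contains '.', ignored by @includedir
    : > "$d/10-wheel~"       # editor backup, ignored by @includedir
    : > "$d/20-loose"
    chmod 0666 "$d/20-loose" # writable by everyone
    echo "$d"
}

# Audit the directory given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_sudoers_dropins "$@"
fi
```

Syntax is a separate check: "visudo -c" parses the main sudoers file together with the files it includes.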

