I like using sudo, but I don't like using vi. Well, it's not that I don't like it. It's that I don't know how to type my name with it.

With some distros, that's a problem, because I'm supposed to use visudo to edit the sudoers file (/etc/sudoers) and it seems that for that, Vi is usually required by default. For those who don't know, sudoers is the configuration file that allows permission for different users to get different levels of access

Recently, I switched from a dual boot of Debian and Suse, my two favorite distros for the last couple years, to a dual boot of Slackware and Vector. (This is still very tenative, by the way, don't be surpried if I pussy out.) That's when this became a problem. With Debian, interestingly enough, visudo seems to use a different editor. I've been told that it's Pico, and I see no reason to that. Whatever it is, it's simple and intuitive enough for me to get through a quick editing session without a hitch. SUSE is set up by default so that when a normal user uses sudo, the prompt requests the root password. Therefore, if you know the root password, sudoers need not be edited.

I seem to have fixed the problem by editing the file with emacs as root, but leaving the edited lines commented. Then I open visudo as root, remove the comment signs with the delete key, and hit ZZ, saving it.

Is there a way that I can get visudo to open with pico (as it does by default in Debian) in other distros?

EDITOR=/path/to/nano visudo

perhaps? I'm not sure whether visudo honors $EDITOR or not, but it's possible.

(Oh, and by the way: Don't use pico. It's not open-source (the University of Washington, who owns the copyright on both pine and pico, won't let you distribute modified versions of either of them -- or at least, it didn't, several years ago), and nano is a fully-functional replacement that is open-source. ;))

yup, just checked out visudo with ubuntu and sure enough, nano comes up.

EDITOR=/path/to/nano visudo

perhaps? I'm not sure whether visudo honors $EDITOR or not, but it's possible.

(Oh, and by the way: Don't use pico. It's not open-source (the University of Washington, who owns the copyright on both pine and pico, won't let you distribute modified versions of either of them -- or at least, it didn't, several years ago), and nano is a fully-functional replacement that is open-source. ;))

Yeah, whoever told me that was pico running with visudo in debian got it wrong; it's definitely nano. I briefly tried installing Sabyon yesterday. (Slowslowslow on this system, it be gone now.) and when I ran visudo, nano came up by name.

EDITOR=/path/to/nano visudo

perhaps? I'm not sure whether visudo honors $EDITOR or not, but it's possible.

(Oh, and by the way: Don't use pico. It's not open-source (the University of Washington, who owns the copyright on both pine and pico, won't let you distribute modified versions of either of them -- or at least, it didn't, several years ago), and nano is a fully-functional replacement that is open-source. ;))

Based on my reading of the manpages, this may work sometimes, but it doesn't seem to work for my current distro (Vector SoHo), as installed out of the box. No matter, though. The method I worked out (edit the file as root in another editor, but with the changes commented, then uncomment in visudo) seems to be an effective hackaround, in lieu of a more "legitimate" method, such as actually learning how to use VI.:p

blackbelt_jones

Give this a try, it's a demo (http://mirror1.linuxcbt.com/demos/classic_edition/LinuxCBT_Classic_vi.html) but it will give some vi basics.

blackbelt_jones

Give this a try, it's a demo (http://mirror1.linuxcbt.com/demos/classic_edition/LinuxCBT_Classic_vi.html) but it will give some vi basics.

I think I'm going to reply to this in the VI vs. EMACS thread.

Here's a summing up the hack that used to edit sudoers with emacs. This is reprinted from a thread in Vector Linux forum:


I edited the sudoers file with emacs as root, but I kept all the changes commented. Then i opened visudo, used the delete key to remove the comments (the only key that seems to work in the vi command mode), hit ZZ, and I was good to go!

The way it seems to work is, because of security concerns, you supposedly need to edit the /etc/sudoers file with visudo in order for the edited file to be effective. However, it appears that you don't need to do ALL the editing in visudo, just the last part of the editing. It looks like I can do the editing as root with any editor, without visudo, and then simply by opening the file and then resaving it with visudo, visudo gives the file its "blessing". The file becomes "legal", and the changes take effect. So, environment variable or not, I can use whatever editor I please, as long as I use visudo afterward.

At least, it seems to have worked this way once-- with my current installation of Vector, when I edited the sudoers file yesterday. I now have full root access without a password for my normal user account , using sudo.

If the security "key" to visudo is access to the visudo program itself as root, and such access is necessary to convey the "blessing" of visudo to the edited sudoers file, I don't see that this hack in any way compromises the security that visudo is supposed to represent.

If I'm wrong about ANY of this, somebody please tell me.

You don't have to edit the sudoers file with visudo at all. Visudo is just the safe way to edit it. Visudo does 2 things, first it ensures only a single person can edit the sudoers file at one time, second it ensures there aren't any syntax errors in the sudoers file which might stop sudo from working. Instead of making commented out changes with another editor then uncommenting with visudo, you could copy the file to /etc/sudoers.tmp edit /etc/sudoers.tmp check it with "visudo -c -f /etc/sudoers.tmp" and then copy /etc/sudoers.tmp over /etc/sudoers if visudo says everything is okay. This does seem a little more complicated, but it is also safer, because you might make inadvertent changes to the sudoers file which render sudo non-functioning even if you intend to only have changes commented out.

Well, I'm pretty sure that when I tried to edit sudoers outside od visudo it didn't work. And I tried it more than once. I don't remember what the error message was, but basically the file is considered invalid.

Hmmm. But maybe that's because I made one of those "errors" you were talking about.

Anyway, I finally did arrive on the perfect solution. Went back to Debian!:)

Incidentally, it turns out that Slackware has a very simple, very elegant solution to this problem.

Here's what an unedited Slackware sudoers file looks like:

# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

# Cmnd alias specification

# Defaults specification

# Runas alias specification

# User privilege specification
root ALL=(ALL) ALL

# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL

# Same thing without a password
#%wheel ALL=(ALL) NOPASSWD: ALL

# Samples
# %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users localhost=/sbin/shutdown -h now


So, all you really need to do to enable a normal user full use of sudo (which is what most people want, right?) is to delete the appropriate "#" (with or without a password) and make sure that your normal user belongs to the group "wheel". All you really need to know about vim is how to save and close with "ZZ". Simple, no?

P.S. I don't know what this means, or if it's my imagination, but it's worth mentioning in connection with my last post that it looks like in Slackware at least, the delete key doesn't doesn't seem to work in the command mode with visudo/vim when X is running, but only when visudo is running from console. Don't know why that should be, but it seems to be my experience, so I'm passing it on.

Regarding the delete key in vim in X: There are tons of places where the delete key can go wrong. See, for instance, this page of Eterm documentation:

http://www.eterm.org/docs/faq/#2

which details most of the issues. I'm not sure whether vim uses the terminfo database or "raw" stty settings, but I suspect it uses terminfo, since at least my vim binary links to ncurses.

So if your delete key is mapping to the X "delete" keysym properly, then you'd just have to make sure $TERM was set to an appropriate value for the terminal emulator program that you're running vim from. (Because the terminal emulator decides which escape sequence to pass for the "delete" keysym. It's up to the console program -- vim -- to consult the terminfo database for the terminal type identified by $TERM, to see what escape sequence it should treat as "delete".) The terminal emulator may have a way to modify this mapping as well; if it does, you would want to be sure you haven't modified the handling of delete.