[sudo-users] per-user editor for visudo
Todd C. Miller
Todd.Miller at courtesan.com
Sun Jul 31 18:45:42 MDT 2016
On Sun, 31 Jul 2016 08:54:19 +0200, balducci at units.it wrote:
> I did consider that and, actually, with the following:
> Defaults:root editor=/usr/bin/nano
> visudo uses nano, overriding the --with-editor=/usr/bin/emacs option at
> build time (however, aside, I have also noticed that with both the
> Defaults:root entry above and a global:
> Defaults editor=/usr/bin/emacs:/usr/bin/nano
> emacs is used; ie apparently the global Defaults wins)
The last match wins, which in this case is the global Defaults line.
> However, and here I'm probably misunderstanding something, if I have:
> Defaults:balducci editor=/usr/bin/nano, \
> timestamp_timeout=-1, \
> !env_reset, \
> then running "sudo visudo" picks all options (but for the editor) for
> balducci; which makes sense to me: I run visudo as root, but sudo knows
> who I actually am and loads my default options.
> So: why is "sudo visudo" honoring all options for balducci, but for the
> editor? what am I missing?
Because it is not sudo that uses the "editor" setting, it is visudo
that does and visudo is being run as root, not balducci. I've
committed a change in visudo to check the SUDO_USER environment
variable and use that if it is set and visudo is run as root.
A better option might be for sudo to pass the editor for visudo on
the command line, which I am considering.
More information about the sudo-users