My flunky sbaxter needs to edit the named configuration file, /etc/named.conf. Consider this sudo configuration:
sbaxter dns1=/etc/rc.d/named,/sbin/mount_nfs,/usr/bin/vi /etc/named.conf
Looks good, right?
Uh, no.
The first problem is that I’m requiring sbaxter to use a specific editor. Minimal competence in vi is required for system administrators, but I don’t want to force him to use a specific editor to do his day-to-day job. Also, many editors offer shell escapes. While most people are aware of escaping to a shell in vi, emacs has a shell escape as well. If my flunky can escape to a shell while running an editor as root, he gains root access. This is exactly what I want to avoid.
The sudoedit feature lets users edit specific files with their preferred editor, or a default chosen by the sysadmin, without working as root.
# A bare path after a comma is parsed as a command, so each file gets its own sudoedit.
sbaxter dns1=/etc/rc.d/named,/sbin/mount_nfs,\
    sudoedit /etc/named.conf, sudoedit /etc/rndc.key
The keyword sudoedit is followed by a list of the files that the user can edit, thereby permitting the user to change those files without root privileges.
The user edits the file by passing a filename to sudoedit.
$ sudoedit /etc/named.conf
Technically, the user doesn’t edit the actual file; instead, sudoedit copies the file to a temporary file owned by the user, and when the user closes the editor, it copies the temporary file to the original location. The user never runs the editor as root.
The sudoedit keyword uses the editor given by the environment variable $SUDO_EDITOR, $VISUAL, or $EDITOR. Users can set that variable in their shell if they don’t like what the system offers them.
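The copy, edit, copy-back flow and the editor lookup order described above can be modeled in a few lines of shell. This is an added example, not sudo's own code: the function names, DEFAULT_EDITOR (a stand-in for the sysadmin's default, assumed to be vi) and the scripted stand-in editor in demo are all constructed for illustration, and everything here runs unprivileged on a scratch file.

```shell
#!/bin/sh
# Added illustration: a simplified model of the sudoedit flow, not sudo's code.

# Choose the editor in the order given above: SUDO_EDITOR, VISUAL, EDITOR.
# DEFAULT_EDITOR is a hypothetical stand-in for the sysadmin's default.
pick_editor() {
    for candidate in "${SUDO_EDITOR:-}" "${VISUAL:-}" "${EDITOR:-}"; do
        if [ -n "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    printf '%s\n' "${DEFAULT_EDITOR:-vi}"
}

# model_sudoedit TARGET
#   1. copy TARGET to a temporary file owned by the invoking user
#      (real sudoedit performs this step with privilege)
#   2. run the user's editor on the copy, with the user's own privileges
#   3. copy the temporary file back over TARGET if the user changed it
#      (real sudoedit performs this step with privilege)
model_sudoedit() {
    target=$1
    tmp=$(mktemp "${TMPDIR:-/tmp}/sudoedit-model.XXXXXX") || return 1
    cp "$target" "$tmp" || { rm -f "$tmp"; return 1; }
    editor=$(pick_editor)
    # Unquoted on purpose so an editor setting with arguments still works.
    # A shell escape from this editor is only the user's own shell.
    $editor "$tmp" || echo "editor exited with an error" >&2
    if cmp -s "$target" "$tmp"; then
        echo "$target unchanged"
    else
        cp "$tmp" "$target" || { rm -f "$tmp"; return 1; }
    fi
    rm -f "$tmp"
}

# Constructed demo: a scratch config file and a scripted "editor" that
# appends one line, so the flow runs without a terminal or root.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'options { directory "/var/named"; };\n' > "$dir/named.conf"
    printf '#!/bin/sh\necho "// edited" >> "$1"\n' > "$dir/fake-editor"
    (SUDO_EDITOR="sh $dir/fake-editor"; model_sudoedit "$dir/named.conf") || return 1
    tail -n 1 "$dir/named.conf"
    rm -rf "$dir"
}
```

Calling demo prints the line the stand-in editor appended, showing that the change reached the original file even though the editor only ever touched the temporary copy.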