Re: vipw and vigr default editor

2018-01-05 Thread Charles Kroeger 
if you're in a hurry in this situation try:

apt-get remove --purge nano

problem solved?

-- 
CK

Re: vipw and vigr default editor

2018-01-05 Thread John Ratliff 

On 1/5/2018 3:25 PM, Roberto C. Sánchez wrote:

On Fri, Jan 05, 2018 at 03:00:43PM -0500, John Ratliff wrote:

When I run

sudo vipw or sudo vigr, it uses nano as the default editor. I've already
used update-alternatives to select vim as my default editor, but this
doesn't seem to work for vipw/vigr.

I have to do

sudo EDITOR=vim vipw

How can I make vim the default editor for vipw/vigr. Or how can I set the
EDITOR variable when I use sudo automatically?


Try 'sudo select-editor'

Regards,

-Roberto



Thanks.

This was the solution.

--John

Re: vipw and vigr default editor

2018-01-05 Thread Ulf Volmer 
On 05.01.2018 21:46, Roberto C. Sánchez wrote:

> There is essentially no functional difference between allowing only the
> EDITOR variable and any arbitrary environment variable.  Allowing EDITOR
> (or PAGER, or any other thing that sets the name of a command to
> execute) through to sudo provides an effective route to bypass any sudo
> restrictions.

OK. Thanks for correction.

best regards,
Ulf

Re: vipw and vigr default editor

2018-01-05 Thread Brian 
On Fri 05 Jan 2018 at 21:37:16 +0100, Ulf Volmer wrote:

> On 05.01.2018 21:15, Greg Wooledge wrote:
> > On Fri, Jan 05, 2018 at 03:00:43PM -0500, John Ratliff wrote:
> 
> >> sudo EDITOR=vim vipw
> 
> > Defaultsenv_reset
> > Defaults:greg   !env_reset
> 
> That basically keeps the *whole* environment, what is usually a security
> issue. Better solution is to keep only needed and proved environment
> variables using
> 
> Defaults  env_keep += "EDITOR"

This is all very incredibly useful. Roberto C. Sánchez has the answer
though.

-- 
Brian.

Re: vipw and vigr default editor

2018-01-05 Thread Roberto C . Sánchez 
On Fri, Jan 05, 2018 at 09:37:16PM +0100, Ulf Volmer wrote:
> 
> That basically keeps the *whole* environment, what is usually a security
> issue. Better solution is to keep only needed and proved environment
> variables using
> 
> Defaults  env_keep += "EDITOR"
> 
Allowing the EDITOR variable through is a gigantic security issue.  Its
value gets passed as a command to the shell:

roberto@debian:~$ sudo EDITOR='echo "I have the power!"' vipw
I have the power! /etc/passwd.edit
vipw: /etc/passwd is unchanged

There is essentially no functional difference between allowing only the
EDITOR variable and any arbitrary environment variable.  Allowing EDITOR
(or PAGER, or any other thing that sets the name of a command to
execute) through to sudo provides an effective route to bypass any sudo
restrictions.

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: vipw and vigr default editor

2018-01-05 Thread Greg Wooledge 
On Fri, Jan 05, 2018 at 09:37:16PM +0100, Ulf Volmer wrote:
> On 05.01.2018 21:15, Greg Wooledge wrote:
> > On Fri, Jan 05, 2018 at 03:00:43PM -0500, John Ratliff wrote:
> 
> >> sudo EDITOR=vim vipw
> 
> > Defaultsenv_reset
> > Defaults:greg   !env_reset
> 
> That basically keeps the *whole* environment, what is usually a security
> issue. Better solution is to keep only needed and proved environment
> variables using
> 
> Defaults  env_keep += "EDITOR"

It all depends on how much trust this "greg" person.  I hear they can
be very sneaky.

Re: vipw and vigr default editor

2018-01-05 Thread Ulf Volmer 
On 05.01.2018 21:15, Greg Wooledge wrote:
> On Fri, Jan 05, 2018 at 03:00:43PM -0500, John Ratliff wrote:

>> sudo EDITOR=vim vipw

> Defaultsenv_reset
> Defaults:greg   !env_reset

That basically keeps the *whole* environment, what is usually a security
issue. Better solution is to keep only needed and proved environment
variables using

Defaults  env_keep += "EDITOR"

best regards,
Ulf

Re: vipw and vigr default editor

2018-01-05 Thread Roberto C . Sánchez 
On Fri, Jan 05, 2018 at 03:00:43PM -0500, John Ratliff wrote:
> When I run
> 
> sudo vipw or sudo vigr, it uses nano as the default editor. I've already
> used update-alternatives to select vim as my default editor, but this
> doesn't seem to work for vipw/vigr.
> 
> I have to do
> 
> sudo EDITOR=vim vipw
> 
> How can I make vim the default editor for vipw/vigr. Or how can I set the
> EDITOR variable when I use sudo automatically?
> 
Try 'sudo select-editor'

Regards,

-Roberto

-- 
Roberto C. Sánchez

Re: vipw and vigr default editor

2018-01-05 Thread Greg Wooledge 
On Fri, Jan 05, 2018 at 03:00:43PM -0500, John Ratliff wrote:
> I have to do
> 
> sudo EDITOR=vim vipw
> 
> How can I make vim the default editor for vipw/vigr. Or how can I set the
> EDITOR variable when I use sudo automatically?

By default, sudo strips all the useful variables out of your environment.
If you want it to *keep* your environment, you need to change the
/etc/sudoers file (with "sudo EDITOR=whatever visudo").  One way to do
it is:

Defaultsenv_reset
Defaults:greg   !env_reset
...

where "greg" is the username who is trusted to set environment vars.

vipw and vigr default editor

2018-01-05 Thread John Ratliff 

When I run

sudo vipw or sudo vigr, it uses nano as the default editor. I've already 
used update-alternatives to select vim as my default editor, but this 
doesn't seem to work for vipw/vigr.


I have to do

sudo EDITOR=vim vipw

How can I make vim the default editor for vipw/vigr. Or how can I set 
the EDITOR variable when I use sudo automatically?


Thanks.

--John