Cannot find/change keybindings for visudo on Rhino Linux

[iconoclasthero]

visudo on my ubuntu 22.04 uses default nano keybindings.
on rhino linux it uses some alien keybindings I am unable to find... so instead of exiting ^X now deletes lines. Instead of page down, I have no idea wtf ^V does.

I really need to get to the bottom of this.

[iconoclasthero]

You would think, based on looking at man visudo that simply

sudo su
SUDO_EDITOR="nano --rcfile /etc/nanorc"
EDITOR="nano --rcfile /etc/nanorc"
VISUAL="nano --rcfile /etc/nanorc"
visudo
^D

would be sufficient to force the standard keybindings on visudo.

[millert]

If you are running sudo visudo, you probably need to add:

Defaults env_keep += "SUDO_EDITOR EDITOR VISUAL"

to your sudoers file to preserve those environment variables. If you only want to preserve them for visudo itself you can do something like

Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"

[iconoclasthero]

*I have to say that experiencing the visual stimulus of a pine/pico *cum* nano screen with decades of muscle memory while my fingers no longer do what they are supposed to is a uniquely disturbing experience. Probably what a stroke feels like...* From your comments above, I noted this line after I called `$ echo $EDITOR; read -rp;sudo visudo` ``` /usr/bin/nano ⋮ # This allows running arbitrary commands, but so does ALL, and it means # different sudoers have their choice of editor respected. #Defaults:%sudo env_keep += "EDITOR" ``` Removing the # on defaults allows for the editor to be accepted. **There's another setting somewhere because it isn't uncommented in Ubuntu 22.04, ** but the normal nano keybindings are respected. As far as it goes, that solves my immediate problem. There are several additional topics here that might or might not be worth considering. 1) The snippet from sudoers says "This allows running arbitrary commands..." which I suppose might be an issue if someone else can run visudo on my system..at which point I doubt this will be my biggest concern. That said, is there some way to limit this by user as I do with individual commands? (Since I figured out that this exists, I just add single commands as I have to call them with sudo and no longer wish to do so, add alias, etc.) (How is this even possible? Using ^T from within nano doesn't e.g., change permissions on things root owns...) 2) In trying to get this to work, I assumed root with `sudo su` and then set the environmental variables and ran visudo as root (i.e., not `sudo visudo` as a user in `sudo` group). This obviates the need for `sudo -E <command>` which failed: ``` $ sudo -E \visudo sudo: sorry, you are not allowed to preserve the environment ``` Again, my assumption was that all I needed to do was to set root's EDITOR, etc., and it would work. Also, I'm starting to get the feeling that the reason that sudo said "sorry" is because of the sudoers env_keep/env_reset settings. 3) Why did I make this assumption? ``` There are two sudoers settings that determine which editor visudo will run. editor A colon (‘:’) separated list of editors allowed to be used with visudo. visudo will choose the editor that matches the user's SUDO_EDITOR, VISUAL, or EDITOR environment variable if possible, or the first editor in the list that exists and is executable. sudo does not preserve the SUDO_EDITOR, VISUAL, or EDITOR environment variables un‐ less they are present in the env_keep list or the env_reset option is disabled in the sudoers file. The default editor path is /usr/bin/editor which can be set at compile time via the --with-editor configure option. env_editor If set, visudo will use the value of the SUDO_EDITOR, VISUAL, or EDITOR environment variables before falling back on the default editor list. visudo is typically run as root so this option may allow a user with visudo privileges to run arbitrary commands as root without logging. An alternative is to place a colon-separated list of “safe” editors in the editor variable. visudo will then only use SUDO_EDITOR, VISUAL, or EDITOR if they match a value specified in editor. If the env_reset flag is enabled, the SUDO_EDITOR, VISUAL, and/or EDITOR environment variables must be present in the env_keep list for the env_editor flag to function when visudo is invoked via sudo. The default value is on, which can be set at compile time via the --with-env-editor configure option. ``` Honestly, I only now understand what the sentence "sudo does not preserve the SUDO_EDITOR, VISUAL, or EDITOR environment variables unless they are present in the env_keep list or the env_reset option is disabled in the sudoers file." means. Perhaps adding e.g., 'and thus command line options will not be respected without first using visudo to edit sudoers and then you'll be able to use the EDITOR you actually specified as described immediately above..." or not burying the lead that you can't use these options without first, circularly, fixing the file you're actually trying to edit. I'm not sure how it actually interacts with root since it is not working as I expect when I'm root. ``` $ sudo su # EDITOR="$(which nano|tail -1) --rcfile /etc/nanorc"; VISUAL="$EDITOR"; SUDO_EDITOR="$EDITOR"; visudo ``` In this case there's no sudo being called so no environmental variables to preserve or ignore so it should use the nanorc file specified, but the alien* key bindings are present. (by the way, my user nano is aliased: 'alias nano='nano --rcfile /etc/nano' so I expect that root using the same nanorc file will result in the same keybindings, i.e., what happens with `# nano --rcfile /etc/nanorc`) 4. I removed the comment on the sudoers line: `Defaults:%sudo env_keep += "EDITOR"` and when I run `$ visudo` (aliased `alias visudo='sudo visudo'`) I get the keybindings I expect. Oddly, and of little consequence since I will rarely, if ever, be running visudo as root, if I: ``` $ sudo su # EDITOR="$(which nano|tail -1) --rcfile /etc/nanorc"; VISUAL="$EDITOR"; SUDO_EDITOR="$EDITOR"; visudo ``` I end up with the alien keybindings which I now see are probably this list from /etc/nanorc: ``` ## If you would like nano to have keybindings that are more "usual", ## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit, ## then uncomment these: #bind ^X cut main #bind ^C copy main #bind ^V paste all #bind ^Q exit all #bind ^S savefile main #bind ^W writeout main #bind ^O insert main #set multibuffer #bind ^H help all #bind ^H exit help #bind ^F whereis all #bind ^G findnext all #bind ^B wherewas all #bind ^D findprevious all #bind ^R replace main #bind ^Z undo main #bind ^Y redo main #unbind ^K ain #unbind ^U all #unbind ^N main #unbind ^Y all #unbind M-J main #unbind M-T main #bind ^A mark main #bind ^P location main #bind ^T gotoline main #bind ^T gotodir browser #bind ^T cutrestoffile execute #bind ^L linter execute #bind ^E execute main ``` But I can't find anywhere where there's a nanorc file with those uncommented. There's no `*nanorc` in ~, `# find /root -iname "*nanorc" ` turned up /root/.nanorc, but, e.g., ``` # \grep -E '\^X|\^O' /root/.nanorc ; \grep -E '\^X|\^O' /etc/nanorc ## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit, #bind ^X cut main #bind ^O insert main ## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit, #bind ^X cut main #bind ^O insert main ``` So, there's no reason that when I run `# EDITOR="nano --rcfile /etc/nanorc" visudo` I *think* I should get the alien keybindings, but that's the result.

…

On Mon, Jun 10, 2024 at 9:30 AM Todd C. Miller ***@***.***> wrote: If you are running sudo visudo, you probably need to add: Defaults env_keep += "SUDO_EDITOR EDITOR VISUAL" to your sudoers file to preserve those environment variables. If you only want to preserve them for visudo itself you can do something like Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL" — Reply to this email directly, view it on GitHub <#382 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAEC3GV5GSN2D4QICR7MFZDZGWTALAVCNFSM6AAAAABJCCI7LSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNJYGM4DQOJXGY> . You are receiving this because you authored the thread.Message ID: ***@***.***>