Cannot find/change keybindings for visudo on Rhino Linux
iconoclasthero opened this issue · 3 comments
iconoclasthero commented
visudo on my ubuntu 22.04 uses default nano keybindings.
on rhino linux it uses some alien keybindings I am unable to find... so instead of exiting ^X now deletes lines. Instead of page down, I have no idea wtf ^V does.
I really need to get to the bottom of this.
iconoclasthero commented
You would think, based on looking at man visudo
that simply
sudo su
SUDO_EDITOR="nano --rcfile /etc/nanorc"
EDITOR="nano --rcfile /etc/nanorc"
VISUAL="nano --rcfile /etc/nanorc"
visudo
^D
would be sufficient to force the standard keybindings on visudo.
millert commented
If you are running sudo visudo
, you probably need to add:
Defaults env_keep += "SUDO_EDITOR EDITOR VISUAL"
to your sudoers file to preserve those environment variables. If you only want to preserve them for visudo itself you can do something like
Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
iconoclasthero commented
*I have to say that experiencing the visual stimulus of a pine/pico *cum*
nano screen with decades of muscle memory while my fingers no longer do
what they are supposed to is a uniquely disturbing experience.
Probably what a stroke feels like...*
From your comments above,
I noted this line after I called `$ echo $EDITOR; read -rp;sudo visudo`
```
/usr/bin/nano
⋮
# This allows running arbitrary commands, but so does ALL, and it means
# different sudoers have their choice of editor respected.
#Defaults:%sudo env_keep += "EDITOR"
```
Removing the # on defaults allows for the editor to be accepted.
**There's another setting somewhere because it isn't uncommented in Ubuntu
22.04, ** but the normal nano keybindings are respected.
As far as it goes, that solves my immediate problem.
There are several additional topics here that might or might not be worth
considering.
1) The snippet from sudoers says "This allows running arbitrary
commands..." which I suppose might be an issue if someone else can run
visudo on my system..at which point I doubt this will be my biggest
concern. That said, is there some way to limit this by user as I do with
individual commands? (Since I figured out that this exists, I just add
single commands as I have to call them with sudo and no longer wish to do
so, add alias, etc.) (How is this even possible? Using ^T from within
nano doesn't e.g., change permissions on things root owns...)
2) In trying to get this to work, I assumed root with `sudo su` and then
set the environmental variables and ran visudo as root (i.e., not `sudo
visudo` as a user in `sudo` group). This obviates the need for `sudo -E
<command>` which failed:
```
$ sudo -E \visudo
sudo: sorry, you are not allowed to preserve the environment
```
Again, my assumption was that all I needed to do was to set root's EDITOR,
etc., and it would work. Also, I'm starting to get the feeling that the
reason that sudo said "sorry" is because of the sudoers env_keep/env_reset
settings.
3) Why did I make this assumption?
```
There are two sudoers settings that determine which editor visudo
will run.
editor A colon (‘:’) separated list of editors allowed to be
used with visudo. visudo will
choose the editor that matches the user's SUDO_EDITOR,
VISUAL, or EDITOR environment
variable if possible, or the first editor in the list
that exists and is executable.
sudo does not preserve the SUDO_EDITOR, VISUAL, or
EDITOR environment variables un‐
less they are present in the env_keep list or the
env_reset option is disabled in the
sudoers file. The default editor path is
/usr/bin/editor which can be set at compile
time via the --with-editor configure option.
env_editor If set, visudo will use the value of the SUDO_EDITOR,
VISUAL, or EDITOR environment
variables before falling back on the default editor
list. visudo is typically run as
root so this option may allow a user with visudo
privileges to run arbitrary commands
as root without logging. An alternative is to place a
colon-separated list of “safe”
editors in the editor variable. visudo will then
only use SUDO_EDITOR, VISUAL, or
EDITOR if they match a value specified in editor. If
the env_reset flag is enabled,
the SUDO_EDITOR, VISUAL, and/or EDITOR environment
variables must be present in the
env_keep list for the env_editor flag to function when
visudo is invoked via sudo.
The default value is on, which can be set at compile
time via the --with-env-editor
configure option.
```
Honestly, I only now understand what the sentence "sudo does not preserve
the SUDO_EDITOR, VISUAL, or EDITOR environment variables unless they are
present in the env_keep list or the env_reset option is disabled in
the sudoers file." means. Perhaps adding e.g., 'and thus command line
options will not be respected without first using visudo to edit sudoers
and then you'll be able to use the EDITOR you actually specified as
described immediately above..." or not burying the lead that you can't use
these options without first, circularly, fixing the file you're actually
trying to edit.
I'm not sure how it actually interacts with root since it is not working as
I expect when I'm root.
```
$ sudo su
# EDITOR="$(which nano|tail -1) --rcfile /etc/nanorc"; VISUAL="$EDITOR";
SUDO_EDITOR="$EDITOR"; visudo
```
In this case there's no sudo being called so no environmental variables to
preserve or ignore so it should use the nanorc file specified, but the
alien* key bindings are present.
(by the way, my user nano is aliased: 'alias nano='nano --rcfile /etc/nano'
so I expect that root using the same nanorc file will result in the same
keybindings, i.e., what happens with `# nano --rcfile /etc/nanorc`)
4. I removed the comment on the sudoers line: `Defaults:%sudo env_keep +=
"EDITOR"` and when I run `$ visudo` (aliased `alias visudo='sudo visudo'`)
I get the keybindings I expect. Oddly, and of little consequence since I
will rarely, if ever, be running visudo as root, if I:
```
$ sudo su
# EDITOR="$(which nano|tail -1) --rcfile /etc/nanorc"; VISUAL="$EDITOR";
SUDO_EDITOR="$EDITOR"; visudo
```
I end up with the alien keybindings which I now see are probably this list
from /etc/nanorc:
```
## If you would like nano to have keybindings that are more "usual",
## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit,
## then uncomment these:
#bind ^X cut main
#bind ^C copy main
#bind ^V paste all
#bind ^Q exit all
#bind ^S savefile main
#bind ^W writeout main
#bind ^O insert main
#set multibuffer
#bind ^H help all
#bind ^H exit help
#bind ^F whereis all
#bind ^G findnext all
#bind ^B wherewas all
#bind ^D findprevious all
#bind ^R replace main
#bind ^Z undo main
#bind ^Y redo main
#unbind ^K ain
#unbind ^U all
#unbind ^N main
#unbind ^Y all
#unbind M-J main
#unbind M-T main
#bind ^A mark main
#bind ^P location main
#bind ^T gotoline main
#bind ^T gotodir browser
#bind ^T cutrestoffile execute
#bind ^L linter execute
#bind ^E execute main
```
But I can't find anywhere where there's a nanorc file with those
uncommented. There's no `*nanorc` in ~, `# find /root -iname "*nanorc" `
turned up /root/.nanorc, but, e.g.,
```
# \grep -E '\^X|\^O' /root/.nanorc ; \grep -E '\^X|\^O' /etc/nanorc
## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit,
#bind ^X cut main
#bind ^O insert main
## such as ^O for Open, ^F for Find, ^H for Help, and ^Q for Quit,
#bind ^X cut main
#bind ^O insert main
```
So, there's no reason that when I run `# EDITOR="nano --rcfile /etc/nanorc"
visudo` I *think* I should get the alien keybindings, but that's the result.
…On Mon, Jun 10, 2024 at 9:30 AM Todd C. Miller ***@***.***> wrote:
If you are running sudo visudo, you probably need to add:
Defaults env_keep += "SUDO_EDITOR EDITOR VISUAL"
to your sudoers file to preserve those environment variables. If you only
want to preserve them for visudo itself you can do something like
Defaults!/usr/sbin/visudo env_keep += "SUDO_EDITOR EDITOR VISUAL"
—
Reply to this email directly, view it on GitHub
<#382 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAEC3GV5GSN2D4QICR7MFZDZGWTALAVCNFSM6AAAAABJCCI7LSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNJYGM4DQOJXGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>