[SOLVED/Upstream bug] Cannot use rnano as visudo editor

Cvlc · 2021-09-22 20:46:28

Hi,

These are the contents of my /etc/sudoers.d/01_conf file (as per https://wiki.archlinux.org/title/Sudo#Using_visudo )

myusername  ALL=(ALL) ALL

# Reset environment by default
Defaults      env_reset

# Set default EDITOR to nano, and do not allow visudo to use EDITOR/VISUAL.
Defaults      editor=/usr/bin/rnano, !env_editor

However this results in visudo returning that there is no editor at /usr/bin/rnano (although running /usr/bin/rnano does work outside of visudo)
Replacing "rnano" with "nano" above works as expected.

Furthermore, "Default insults" does not have any effect.

Any idea what I'm doing wrong ? Or is the wiki incorrect ?

Thanks !

Last edited by Cvlc (2021-09-29 14:55:49)

cloverskull · 2021-09-22 21:58:32

Isn't the 'r' in 'rnano' meant to signify that you're running nano in a restricted sense?

Cvlc · 2021-09-22 22:06:11

It is, which is the point apparently as recommended in Security#Use_sudo_instead_of_su

cloverskull · 2021-09-23 02:03:39

Woah! Today I learned.

Khere · 2021-09-23 07:00:11

Cvlc wrote:

although running /usr/bin/rnano does work outside of visudo
Replacing "rnano" with "nano" above works as expected.

Do you have modify your .bashrc file ? Have you added alias about nano ?
Can you post the output of

cat ~/.bashrc | grep alias

Last edited by Khere (2021-09-23 07:00:22)

Cvlc · 2021-09-24 00:24:01

HI

No, nothing in the aliases regarding nano

seth · 2021-09-24 06:50:02

Furthermore, "Default insults" does not have any effect.

"Defaults insults" (it'll let you know about your strutural inferiority everytime you clobber the password ;-)

No idea about rnano, rvim works…

stat /usr/bin/rnano

Cvlc · 2021-09-24 09:58:02

seth wrote:

"Defaults insults" (it'll let you know about your strutural inferiority everytime you clobber the password ;-)

Unfortunately I only mistyped it here in the thread but it's typed correctly in the sudoers file.

$ sudo cat /etc/sudoers.d/01_conf
username ALL=(ALL) ALL

# Reset environment by default
Defaults      env_reset

# Set default EDITOR to nano, and do not allow visudo to use EDITOR/VISUAL.
Defaults      editor=/usr/bin/nano, !env_editor

# Add insults 
Defaults      insults

For rnano

$  stat /usr/bin/rnano
  File: /usr/bin/rnano -> nano
  Size: 4         	Blocks: 8          IO Block: 4096   symbolic link
Device: 22h/34d	Inode: 846023      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2021-09-24 11:56:01.779528377 +0200
Modify: 2021-06-15 12:39:44.000000000 +0200
Change: 2021-06-18 12:39:54.624376699 +0200
 Birth: 2021-06-18 12:39:54.624376699 +0200

seth · 2021-09-24 15:16:42

The rnano link looks fine.
Do you get insulted when moving the line up?

Cvlc · 2021-09-24 15:59:12

No. It used to be the only line before I added the nano stuff, and it still didn't work.
Is the sudo package still built with the insults flag enabled ?

seth · 2021-09-24 16:02:02

https://github.com/archlinux/svntogit-p … k/PKGBUILD

sudo ls
[sudo] Passwort für seth:
That is no basis for supreme executive power!

Cvlc · 2021-09-24 16:29:38

Very strange. I created the user with homectl could that have anything to do with it ? The sudoers.d/ file is definitely read since I get the error with rnano

seth · 2021-09-24 21:20:01

sudo -l

I could also imagine this to be a locale issue - does sudo insult you for "LC_ALL=C sudo ls"?

Cvlc · 2021-09-24 22:47:48

$ LANG=en sudo -l
Matching Defaults entries for cedric on modern15:
    insults, env_reset, editor=/usr/bin/nano, !env_editor

User cedric may run the following commands on modern15:
    (ALL) ALL

$ LC_ALL=C sudo ls
[sudo] password for cedric: 
Password incorrect or not sufficient for authentication of user cedric.
Sorry, try again:

I thought the locale issue was an excellent idea but apparently still not the answer !

this is so strange. Well, trying so hard to be insulted is strange as well you would say, but I'd like to understand what doesn't work here.

Last edited by Cvlc (2021-09-24 22:49:03)

seth · 2021-09-25 06:58:25

Regression?
"sudo -V" and try downgrading (make sure that sudo isn't your only way to elevate privileges, because if it fails completely, "sudo pacman -S sudo" won't work …)

Can you btw. use rvim?

Cvlc · 2021-09-25 13:10:12

The install is about 6 months old and it's been like this since the very beginning so not a regression

sudo visudo /etc/sudoers.d/01_conf
visudo: no editor found (editor path = /usr/bin/rvim)

same thing, launching /usr/bin/rvim works normally from cmdline.

seth · 2021-09-25 13:12:23

Filesystem?
Does it help if you replace the symlink w/ a hardlink?

Cvlc · 2021-09-25 13:13:02

Btrfs

wouldn't a hard link mess up updates ?

[edit]
Funny, it throws the same error for vim as well, not just rvim. only editor which works is nano

Last edited by Cvlc (2021-09-25 13:21:03)

Cvlc · 2021-09-27 13:52:15

Hi

anything else I can try to find out what the issue is ?

I'll try to reproduce my environment in a vm

seth · 2021-09-27 14:20:08

Sorry, missed your last post.
What's the exact error message you get about "there is no editor at /usr/bin/rnano"

I guess you've $EDITOR at nano?

EDITOR= visudo

???

Cvlc · 2021-09-27 14:23:53

No problem !

LANG=en sudo visudo /etc/sudoers.d/01_conf
visudo: no editor found (editor path = /usr/bin/rnano)

I have VISUAL and EDITOR set to nano but they are ignored by visudo because of !env_editor (I think)

[edit]
same with vim

LANG=en sudo visudo /etc/sudoers.d/01_conf
visudo: no editor found (editor path = /usr/bin/vim)

Last edited by Cvlc (2021-09-27 14:25:24)

seth · 2021-09-27 14:31:27

I get that message for non-existing files (but eg. even /usr/bin/false "works", well… as much as one could expect ;-)
=> btrfs, I guess.

sudo stat /usr/bin/rnano

(there's no background to this, just poking around where and why the binary isn't found)

Cvlc · 2021-09-27 14:34:43

$ LANG=en sudo stat /usr/bin/rnano
  File: /usr/bin/rnano -> nano
  Size: 4         	Blocks: 8          IO Block: 4096   symbolic link
Device: 22h/34d	Inode: 846023      Links: 1
Access: (0777/lrwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2021-09-27 16:32:42.149904674 +0200
Modify: 2021-06-15 12:39:44.000000000 +0200
Change: 2021-06-18 12:39:54.624376699 +0200
 Birth: 2021-06-18 12:39:54.624376699 +0200

same as above

seth · 2021-09-27 15:06:43

SSD? Trim?
Try to just re-install nano. If that doesn't work, indeed hardlink rnano to nano (can easily be undone and we're looking a bit at the FS here)

Cvlc · 2021-09-27 16:55:55

I am indeed using an SSD with trim enabled (both in mount options and periodic fstrim)

reinstalled nano but no change

created the hardlink with

sudo ln -f /usr/bin/nano /usr/bin/rnano

no change either.
will

sudo ln -s /usr/bin/nano /usr/bin/rnano

revert it ?

This soft/hardlink confuses me though, how does it preserve the fact that nano has to run restricted ? (it still does as a hardlink)

[edit]
Just reinstalled nano to be sure.

LANG=en stat /usr/bin/nano && stat /usr/bin/rnano
  File: /usr/bin/nano
  Size: 352840    	Blocks: 696        IO Block: 4096   regular file
Device: 22h/34d	Inode: 1654961     Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2021-09-27 18:57:26.000000000 +0200
Modify: 2021-06-15 12:39:44.000000000 +0200
Change: 2021-09-27 18:57:26.085170336 +0200
 Birth: 2021-09-27 18:57:26.085170336 +0200
  Fichier : /usr/bin/rnano -> nano
   Taille : 4         	Blocs : 8          Blocs d'E/S : 4096   lien symbolique
Périphérique : 22h/34d	Inœud : 1654962     Liens : 1
Accès : (0777/lrwxrwxrwx)  UID : (    0/    root)   GID : (    0/    root)
 Accès : 2021-09-27 18:57:29.728552089 +0200
Modif. : 2021-06-15 12:39:44.000000000 +0200
Changt : 2021-09-27 18:57:26.085170336 +0200
  Créé : 2021-09-27 18:57:26.085170336 +0200

Last edited by Cvlc (2021-09-27 16:59:13)

Arch Linux

#1 2021-09-22 20:46:28

[SOLVED/Upstream bug] Cannot use rnano as visudo editor

#2 2021-09-22 21:58:32

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#3 2021-09-22 22:06:11

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#4 2021-09-23 02:03:39

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#5 2021-09-23 07:00:11

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#6 2021-09-24 00:24:01

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#7 2021-09-24 06:50:02

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#8 2021-09-24 09:58:02

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#9 2021-09-24 15:16:42

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#10 2021-09-24 15:59:12

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#11 2021-09-24 16:02:02

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#12 2021-09-24 16:29:38

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#13 2021-09-24 21:20:01

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#14 2021-09-24 22:47:48

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#15 2021-09-25 06:58:25

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#16 2021-09-25 13:10:12

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#17 2021-09-25 13:12:23

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#18 2021-09-25 13:13:02

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#19 2021-09-27 13:52:15

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#20 2021-09-27 14:20:08

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#21 2021-09-27 14:23:53

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#22 2021-09-27 14:31:27

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#23 2021-09-27 14:34:43

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#24 2021-09-27 15:06:43

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

#25 2021-09-27 16:55:55

Re: [SOLVED/Upstream bug] Cannot use rnano as visudo editor

Board footer