:: Re: [DNG] pkexec in Chimaera
Author: Lars Noodén
Date:
To: dng
Subject: Re: [DNG] pkexec in Chimaera
On 11/14/21 20:44, tempforever wrote:
> Lars Noodén via Dng wrote:

[snip]
>> On 11/8/21 05:12, tempforever wrote:
> You say that sudoedit will run the editor itself under the unprivileged
> account; however, it appears it does run as root:

[snip]

Yes, I say that, but I got it from the manual page which is much more
authoritative. It goes through the steps:

    1.   Temporary copies are made of the files to be edited with
        the owner set to the invoking user.
    2.   The editor specified by the policy is run to edit the
        temporary files.  The sudoers policy uses the
        SUDO_EDITOR, VISUAL and EDITOR environment variables (in
        that order).  If none of SUDO_EDITOR, VISUAL or EDITOR
        are set, the first program listed in the editor
        sudoers(5) option is used.
    3.   If they have been modified, the temporary files are
        copied back to their original location and the temporary
        versions are removed.


sudoedit is running as root there, but it is not itself an editor.

You can verify for yourself that the editor runs under the unprivileged
account. Here is an example of using sudoedit to fire up Geany:

$ EDITOR=geany sudoedit /etc/group &

$ ps -p $(pgrep -d , 'sudoedit|geany') -o user,pid,ppid,args
USER         PID    PPID COMMAND
root      221381  221316 sudoedit /etc/group
lars      221382  221381 geany /var/tmp/group.XXm6gNkW


As you see, sudoedit is a wrapper which supervises the editor and a
temporary file.

/Lars
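
An added example, not part of the original message: the manual ps check above, written as a shell function that reads `ps -e -o user,pid,ppid,args` output and flags any direct child of sudoedit that runs as root. The function names and the embedded sample (the ps lines shown in the message) are this example's own; it assumes the editor is a direct child of sudoedit, as in that output.

```shell
#!/bin/sh
# Added example: audit which account the children of sudoedit run under.
# Usage on a live system: ps -e -o user,pid,ppid,args | audit_sudoedit_children
# Prints "<OK|ROOT> <user> <pid> <command line>" for each direct child.
# Exit status: 0 all children unprivileged, 1 a child runs as root,
#              2 no child of a sudoedit process was found.
audit_sudoedit_children() {
    awk '
        NR == 1 { next }                       # skip the ps header line
        {
            user[$2] = $1; ppid[$2] = $3; argv0[$2] = $4
            line = $4                          # rebuild the full command line
            for (i = 5; i <= NF; i++) line = line " " $i
            full[$2] = line
            order[++n] = $2                    # keep input order for output
        }
        END {
            found = 0; bad = 0
            for (k = 1; k <= n; k++) {
                pid = order[k]; parent = ppid[pid]
                if (!(parent in argv0)) continue
                base = argv0[parent]; sub(/.*\//, "", base)
                if (base != "sudoedit") continue   # only sudoedit parents
                found++
                if (user[pid] == "root") { bad++; tag = "ROOT" } else tag = "OK"
                print tag, user[pid], pid, full[pid]
            }
            if (!found) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Sample input: the ps output quoted in the message above.
page_sample() {
    cat <<'EOF'
USER         PID    PPID COMMAND
root      221381  221316 sudoedit /etc/group
lars      221382  221381 geany /var/tmp/group.XXm6gNkW
EOF
}

page_sample | audit_sudoedit_children
```

A sudoedit started as `sudo -e` shows up in ps under the name `sudo`, so this check does not match it.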