Problems dealing with sudoers.pacnew and some others

Support
1

Hi folks

After doing a system upgrading I found a sudoer.pacnew file.

$ pacdiff -o
/usr/share/icons/default/index.theme.pacsave
/etc/shadow.pacnew
/etc/locale.gen.pacnew
/etc/default/grub.pacnew
/etc/pacman.conf.pacnew
/etc/pam.d/sddm.pacnew
/etc/sudoers.pacnew

These are all quite hefty changes - the sudoers file can not be renamed because the sudo command requires this in place. Both files, sudoers.pacnew and sudoers are both read-only.

ls -l sudoers*
-r–r----- 1 root root 3127 Nov 30 2020 sudoers-old
-r–r----- 1 root root 3442 Jul 12 10:50 sudoers.pacnew

This is quite touchy, because the authentication system will fail and ultimately the OS installation will become borked.

Any suggestions as to how to properly deal with this catch-22?

best regards,
Gustav-4

2

Welcome to the forum.

For starters
https://wiki.archlinux.org/title/Sudoedit#Using_visudo

The configuration file for sudo is /etc/sudoers. It should always be edited with the visudo(8) command.

3

Yes - I am aware of that. But how does this work with a .pacnew file?

There are some new syntax in the pacnew file:

root ALL=(ALL:ALL) ALL

for example.

4

Theres some additional stuff, yes, but it still follows the same syntax and if you havent made a lot of entries yourself then it should be rather similar, ex:
(the relevant bottom portion)

##
root ALL=(ALL:ALL) ALL

## Uncomment to allow members of group wheel to execute any command
 %wheel ALL=(ALL:ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL:ALL) NOPASSWD: ALL

## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL:ALL) ALL

## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw  # Ask for the password of the target user
# ALL ALL=(ALL:ALL) ALL  # WARNING: only use this together with 'Defaults targetpw'

## Read drop-in files from /etc/sudoers.d
@includedir /etc/sudoers.d

Notice there isnt much and most is commented out.
It also does not target any specific user aside from root, in default state it should be giving power (with password) to those in wheel group.

5

Yes, thanks!

But how to swap out the original with the pacnew file? Perhaps the pacnew file in its entirety is clipped into the sudoers file with visudo? Is this vialble? I have already made a copy of the original as a fallback.

Cheers!

6

Run pacnew-chaser. It’ll show you the files side by side so you can copy and paste the new stuff into your existing configuration. It will ask you for a password before saving.

7

That appears to be KDE only.

8

I read somewhere that pacnew-chaser no longer exists?

9

Its in the AUR

1 Like
10

People who aren’t using Plasma will commonly already have a few Qt-/KDE-specific applications and libraries installed anyway, but you don’t need the whole of KDE Plasma to be able to run pacnew-chaser.

There are also other ways of dealing with .pacnew files, such as meld and pacdiff. The idea is either way that one must merge the .pacnew file into the existing configuration file, after which the .pacnew can then be deleted.

3 Likes
11

OK. I managed the new changes in the sudoers file by manually editing it and referencing its .pacnew replacement. There really wasn’t much changed after copying the new “Defaults specification” section.

But I must admit that this could potentionally cause problems for novice Manjaro users, if this is not handled correctly. I have a root account on this machine, which I very seldom use, so much so that I forgot about it. If I did not have this account I wouldn’t have been able to reestablish the function of the sudo command.

Thanks for your help and your considerations.
Cheers
Gustav-4

12

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.