After doing a system upgrading I found a sudoer.pacnew file.
$ pacdiff -o
These are all quite hefty changes - the sudoers file can not be renamed because the sudo command requires this in place. Both files, sudoers.pacnew and sudoers are both read-only.
ls -l sudoers*
-r–r----- 1 root root 3127 Nov 30 2020 sudoers-old
-r–r----- 1 root root 3442 Jul 12 10:50 sudoers.pacnew
This is quite touchy, because the authentication system will fail and ultimately the OS installation will become borked.
Any suggestions as to how to properly deal with this catch-22?
Welcome to the forum.
The configuration file for sudo is
/etc/sudoers. It should always be edited with the visudo(8) command.
Yes - I am aware of that. But how does this work with a .pacnew file?
There are some new syntax in the pacnew file:
root ALL=(ALL:ALL) ALL
Theres some additional stuff, yes, but it still follows the same syntax and if you havent made a lot of entries yourself then it should be rather similar, ex:
(the relevant bottom portion)
root ALL=(ALL:ALL) ALL
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL:ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL:ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL:ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /etc/sudoers.d
Notice there isnt much and most is commented out.
It also does not target any specific user aside from
root, in default state it should be giving power (with password) to those in wheel group.
But how to swap out the original with the pacnew file? Perhaps the pacnew file in its entirety is clipped into the sudoers file with visudo? Is this vialble? I have already made a copy of the original as a fallback.
pacnew-chaser. It’ll show you the files side by side so you can copy and paste the new stuff into your existing configuration. It will ask you for a password before saving.
That appears to be KDE only.
I read somewhere that
pacnew-chaser no longer exists?
People who aren’t using Plasma will commonly already have a few Qt-/KDE-specific applications and libraries installed anyway, but you don’t need the whole of KDE Plasma to be able to run
There are also other ways of dealing with
.pacnew files, such as
pacdiff. The idea is either way that one must merge the
.pacnew file into the existing configuration file, after which the
.pacnew can then be deleted.
OK. I managed the new changes in the sudoers file by manually editing it and referencing its .pacnew replacement. There really wasn’t much changed after copying the new “Defaults specification” section.
But I must admit that this could potentionally cause problems for novice Manjaro users, if this is not handled correctly. I have a root account on this machine, which I very seldom use, so much so that I forgot about it. If I did not have this account I wouldn’t have been able to reestablish the function of the sudo command.
Thanks for your help and your considerations.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.