See my password as **** in terminal, and how do I change console shell?

Every guide I have ever seen still suggests

sudo visudo

Visudo is after all designed for that one, single purpose. It really is no less secure, after all what you do is still editing who gets root access to your system and you have to have root access to do the edit.

That is old way. It still works if you prefer it.

Using /etc/sudoers.d isn’t any more or less secure. It is “safer” in the sense that it is less likely making a bad change to the file will be problematic and easier to find/fix if you do. It is also easier to manage for at least two reasons:

  • It creates a clear delineation between what was a shipping default and something you changed
  • It is more modular which makes management easier long-term

On a company / university machine maybe. At home? Where you and maybe parts of your absolutely closest family are the only users, and you already set yourself up as sudoer at install instead of having a dedicated root account?
…To me, it is rather the other way around in that case. Editing the sudoer file directly is much easier to remember and keep track of in that case. IMHO, of course.

Especially at home.

Have you never made a change to a configuration file that you later wanted to undo but couldn’t remember exactly what you changed?

I have found (yes, the hard way) that mistakes can still sometimes get through the visudo ‘filter’. Having the changes separately means that you can return to a known working situation more easily - and with a working system the fixes needed are easier to find and implement. It is much easier to remove (or mv) a ‘misbehaving’ entry than edit successfully - and in my case not even a chroot is necessary - just access from a working system elsewhere on the machine, something thunar is particularly good at, I’ve found… (yes, a gentle dig - but not deep!) :smiling_imp:

All those guides I’ve seen are most focused on NOT editing the file without visudo - and they’re quite right about that! (yes, I once ignored that too - long ago).

1 Like

…No, not really. At least not to the point that I can’t re-google it.
But more to the point, I just feel the idea of overrides untidy. the fewer config files in the system the better, imho.

1 Like

But your overrides will not benefit from the sanity checks performed by visudo if I got it right. So, if you did something wrong sudo will not work.

In this case you can just move or delete the offending file and you will return to the config you had before.

Also, the sanity checks are only validating that your file is syntactically correct. They don’t stop you from breaking sudo.

This is a huge reason for me! I broke stuff more than once that was incredibly difficult to fix without doing a full new install or similar.

1 Like

I believe I managed to get the password feeback working and zsh to some degree! :slight_smile: I haven’t been able to get it to show different colors when using different known commands (such as yay, git, pacman, etc.). Do I need to do any extra changes for that? Or is that something I need to “write” myself? E.G. yay = blue, git = red, pull (git pull) = brighter red or darker, etc.

This is the first time I’m trying this out btw, I just once got zsh installed by default in a repo I tested and fell in love how it showed different colors and the auto-suggestion etc. So I never had to do any set-up for it.

You can install zsh-syntax-highlighting from arch community repo and add source /usr/share/zsh/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh to your ~/.zshrc (put it at the end of file).

edit: for getting familiar with zsh I used this guide as a reference. It is a bit dated though.

2 Likes

You may also want the packages zsh-completions if you haven’t installed it already.

1 Like

aaargh, nothing a live iso can’t get you out of :slight_smile:
really most of the warnings sound so end-of-days-like and the measures to prevent some harm-doing seem to be out of proportion with the harm you can do. there’s barely a problem you can’t get yourself out of with a live USB stick at hand.