69
submitted 3 weeks ago by thingsiplay@beehaw.org to c/linux@lemmy.ml

This is a reminder to user sudoedit. Especially useful for Vim and Neovim users who have a rich and personal configuration.

sudoedit /etc/fstab

is also an option. sudoedit is a short form for sudo -e. It uses the default editor set int EDITOR or VISUAL variable. The difference to sudo vim FILE or sudo nano FILE is, that sudoedit FILE will use the editor configuration from the current user instead from the root. For me this makes a huge difference, because my plugins and settings for Neovim are not used when doing sudo vim.

Man page: https://linux.die.net/man/8/sudoedit

-e' The -e (edit) option indicates that, instead of running a command, the user wishes to edit one or more files. In lieu of a command, the string "sudoedit" is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken:

  1. Temporary copies are made of the files to be edited with the owner set to the invoking user.

  2. The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor sudoers(5) option is used.

  3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.

If the specified file does not exist, it will be created. Note that unlike most commands run by sudo, the editor is run with the invoking user's environment unmodified. If, for some reason, sudo is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file.

top 20 comments
sorted by: hot top controversial new old
[-] notabot@lemm.ee 18 points 3 weeks ago

Be cautious of doing this with security sensitive files. When it copies the file and gives you ownership, any sensitive data in it is exposed to any process running as your user id, and and temporary fil£s the editor creates may also contain the sensitive content and be owned by you.

[-] thingsiplay@beehaw.org 3 points 3 weeks ago

Good point. I was always wondering how secure this is, as it works with copies of the files in my environment. Because I'm in my personal environment, doing sudoedit /etc/fstab does not let me edit other files from root while in that file. That means if any of the plugins from Vim tries to, they can't edit arbitrary files, right? (If you don't trust the plugin, then don't use, but that's another topic.) Little side note, just learned that sudoedit ~/.bashrc does not allow me to edit files in my home too.

[-] notabot@lemm.ee 3 points 3 weeks ago

Vim is running as you, rather than root, so you wont be able to edit other files as root, and any rogue plugins wont be able to either, which is good.

Sudoedit has various guards around what it'll let you edit, in particular, you can't edit a file in a directory you already have write permission on as doing so allows the user to bypass restrictions in the sudoers setup (there's more detail in their issue tracker. If the directory is already writable though, you don't need sudoedit anyway.

[-] Strit@lemmy.linuxuserspace.show 12 points 3 weeks ago

How is sudoedit shorter than sudo -e ? :D

[-] elkalbil@jlai.lu 11 points 3 weeks ago* (last edited 3 weeks ago)

Most admins will type sudoe<tab> , which is shorter

[-] Strit@lemmy.linuxuserspace.show 6 points 3 weeks ago

Good point. sudoe + TAB is 1 keystroke shorter than sudo -e :)

[-] foremanguy92_@lemmy.ml 6 points 3 weeks ago

Easier to type, I think ¯_(ツ)_/¯

[-] thingsiplay@beehaw.org 5 points 3 weeks ago

Not even a joke, I was sleepy (before going to bed) when making this post. :D So not sure why I said this. I like how the replies have good faith and trying to find a reason.^^ lovely community

[-] dino@discuss.tchncs.de 8 points 3 weeks ago

Totally agree with OP, this also works with different editors like Helix.

[-] lnxtx@feddit.nl 6 points 3 weeks ago

Also. With sudo vim (or other editor) you can do privilege escalation, became root.

[-] thingsiplay@beehaw.org 2 points 3 weeks ago

Yes. And this has huge implications, as as root user in Vim you can load and edit other files. While sudoedit is limited to your personal environment, as while the editing process no root privileges are in use. (I think...)

[-] beeng@discuss.tchncs.de 3 points 3 weeks ago

Appreciate you :)

[-] starbrite@lemmy.zip 3 points 3 weeks ago
[-] Neptr@lemmy.blahaj.zone 5 points 3 weeks ago

Just get doasedit. I remember finding scripts that achieve similar functionality as sudoedit.

[-] adamnejm@programming.dev 2 points 3 weeks ago* (last edited 3 weeks ago)

Meanwhile, a reverse vim enjoyer like myself, using micro to edit any file running as my user. If it requires root to write, it will simply elevate the permissions for that operation when I press Ctrl+S, asking for password if needed.

Same idea with VSCodium, but via GUI polkit prompt.

Life is good when you don't hjkl ^_^

[-] Yingwu@lemmy.dbzer0.com 1 points 3 weeks ago

I had a problem where even if I tried to set the default editor to vim, it'd still not use my lazyvim setup and I never figured out how to fix it.

[-] thingsiplay@beehaw.org 2 points 3 weeks ago

I use LazyVim too BTW. You mean it would not use in sudo environment or in your current environment?

[-] Yingwu@lemmy.dbzer0.com 1 points 3 weeks ago

It worked fine in my current environment, but not with sudoedit no. Can't remember exactly why, might look at it again. It worked for you just by setting the default editor variable?

[-] mbirth@lemmy.ml 2 points 3 weeks ago

It’s probably loading the home environment of root similar to sudo -H vim … instead of just elevating privileges but keeping your home environment.

[-] thingsiplay@beehaw.org 1 points 3 weeks ago

I didn't do anything special to make that work. The variable export EDITOR='nvim' is set in my ".bash_profile" file in "Home" directly. The point of sudoedit is to use your personal environment, so it should pick it up. If there is any configuration needed to make this work, then I"m not aware of it.

this post was submitted on 05 Dec 2024
69 points (96.0% liked)

Linux

48746 readers
1027 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS