This is a reminder to user sudoedit. Especially useful for Vim and Neovim users who have a rich and personal configuration.

sudoedit /etc/fstab

is also an option. sudoedit is a short form for sudo -e. It uses the default editor set int EDITOR or VISUAL variable. The difference to sudo vim FILE or sudo nano FILE is, that sudoedit FILE will use the editor configuration from the current user instead from the root. For me this makes a huge difference, because my plugins and settings for Neovim are not used when doing sudo vim.

Man page: https://linux.die.net/man/8/sudoedit

-e’ The -e (edit) option indicates that, instead of running a command, the user wishes to edit one or more files. In lieu of a command, the string “sudoedit” is used when consulting the security policy. If the user is authorized by the policy, the following steps are taken:

  1. Temporary copies are made of the files to be edited with the owner set to the invoking user.

  2. The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the SUDO_EDITOR, VISUAL and EDITOR environment variables (in that order). If none of SUDO_EDITOR, VISUAL or EDITOR are set, the first program listed in the editor sudoers(5) option is used.

  3. If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.

If the specified file does not exist, it will be created. Note that unlike most commands run by sudo, the editor is run with the invoking user’s environment unmodified. If, for some reason, sudo is unable to update a file with its edited version, the user will receive a warning and the edited copy will remain in a temporary file.

  • thingsiplay@beehaw.orgOP
    link
    fedilink
    arrow-up
    3
    ·
    2 months ago

    Good point. I was always wondering how secure this is, as it works with copies of the files in my environment. Because I’m in my personal environment, doing sudoedit /etc/fstab does not let me edit other files from root while in that file. That means if any of the plugins from Vim tries to, they can’t edit arbitrary files, right? (If you don’t trust the plugin, then don’t use, but that’s another topic.) Little side note, just learned that sudoedit ~/.bashrc does not allow me to edit files in my home too.

    • notabot@lemm.ee
      link
      fedilink
      arrow-up
      3
      ·
      2 months ago

      Vim is running as you, rather than root, so you wont be able to edit other files as root, and any rogue plugins wont be able to either, which is good.

      Sudoedit has various guards around what it’ll let you edit, in particular, you can’t edit a file in a directory you already have write permission on as doing so allows the user to bypass restrictions in the sudoers setup (there’s more detail in their issue tracker. If the directory is already writable though, you don’t need sudoedit anyway.