Is Vim safe to use in combination with sudo?
up vote
23
down vote
favorite
It is not advisable to use sudo
with a graphical application like gedit
, as described at this link. Accordingly, I have tended to use vim
with sudo
.
Recently I noticed my ~/.viminfo
was owned by root on a fairly fresh install of Ubuntu 16.04 (Xenial Xerus), so it had me wondering if even Vim is considered to be graphical or if there is some other problem with invoking sudo vim
. After changing ownership to myself via:
sudo find $HOME -not -user $USER -exec chown $USER:$(id -g) {} +
and subsequently running sudo vim
I was unable to have ~/.viminfo
owned by root. However, I am certain that it recently was owned by root.
Is it inadvisable to invoke sudo vim
?
sudo vim
add a comment |
up vote
23
down vote
favorite
It is not advisable to use sudo
with a graphical application like gedit
, as described at this link. Accordingly, I have tended to use vim
with sudo
.
Recently I noticed my ~/.viminfo
was owned by root on a fairly fresh install of Ubuntu 16.04 (Xenial Xerus), so it had me wondering if even Vim is considered to be graphical or if there is some other problem with invoking sudo vim
. After changing ownership to myself via:
sudo find $HOME -not -user $USER -exec chown $USER:$(id -g) {} +
and subsequently running sudo vim
I was unable to have ~/.viminfo
owned by root. However, I am certain that it recently was owned by root.
Is it inadvisable to invoke sudo vim
?
sudo vim
1
Some related questions: unix.stackexchange.com/q/134500/103151 - superuser.com/q/1221102/418736 - askubuntu.com/q/211346/367990
– Byte Commander
Nov 6 at 23:28
1
You can also use vim without sudo and when it comes to saving the file, you can use:w !sudo tee %
– ChatterOne
Nov 7 at 8:49
add a comment |
up vote
23
down vote
favorite
up vote
23
down vote
favorite
It is not advisable to use sudo
with a graphical application like gedit
, as described at this link. Accordingly, I have tended to use vim
with sudo
.
Recently I noticed my ~/.viminfo
was owned by root on a fairly fresh install of Ubuntu 16.04 (Xenial Xerus), so it had me wondering if even Vim is considered to be graphical or if there is some other problem with invoking sudo vim
. After changing ownership to myself via:
sudo find $HOME -not -user $USER -exec chown $USER:$(id -g) {} +
and subsequently running sudo vim
I was unable to have ~/.viminfo
owned by root. However, I am certain that it recently was owned by root.
Is it inadvisable to invoke sudo vim
?
sudo vim
It is not advisable to use sudo
with a graphical application like gedit
, as described at this link. Accordingly, I have tended to use vim
with sudo
.
Recently I noticed my ~/.viminfo
was owned by root on a fairly fresh install of Ubuntu 16.04 (Xenial Xerus), so it had me wondering if even Vim is considered to be graphical or if there is some other problem with invoking sudo vim
. After changing ownership to myself via:
sudo find $HOME -not -user $USER -exec chown $USER:$(id -g) {} +
and subsequently running sudo vim
I was unable to have ~/.viminfo
owned by root. However, I am certain that it recently was owned by root.
Is it inadvisable to invoke sudo vim
?
sudo vim
sudo vim
edited Nov 7 at 17:51
Martin Thornton
2,49951830
2,49951830
asked Nov 6 at 23:21
H2ONaCl
3,175204885
3,175204885
1
Some related questions: unix.stackexchange.com/q/134500/103151 - superuser.com/q/1221102/418736 - askubuntu.com/q/211346/367990
– Byte Commander
Nov 6 at 23:28
1
You can also use vim without sudo and when it comes to saving the file, you can use:w !sudo tee %
– ChatterOne
Nov 7 at 8:49
add a comment |
1
Some related questions: unix.stackexchange.com/q/134500/103151 - superuser.com/q/1221102/418736 - askubuntu.com/q/211346/367990
– Byte Commander
Nov 6 at 23:28
1
You can also use vim without sudo and when it comes to saving the file, you can use:w !sudo tee %
– ChatterOne
Nov 7 at 8:49
1
1
Some related questions: unix.stackexchange.com/q/134500/103151 - superuser.com/q/1221102/418736 - askubuntu.com/q/211346/367990
– Byte Commander
Nov 6 at 23:28
Some related questions: unix.stackexchange.com/q/134500/103151 - superuser.com/q/1221102/418736 - askubuntu.com/q/211346/367990
– Byte Commander
Nov 6 at 23:28
1
1
You can also use vim without sudo and when it comes to saving the file, you can use
:w !sudo tee %
– ChatterOne
Nov 7 at 8:49
You can also use vim without sudo and when it comes to saving the file, you can use
:w !sudo tee %
– ChatterOne
Nov 7 at 8:49
add a comment |
6 Answers
6
active
oldest
votes
up vote
20
down vote
accepted
Yes, it is safe.
The problem with sudo gedit
is because GUI applications use certain files, such as ~/.cache/dconf
, and after elevated gedit
that file becomes root-owned. Well, that particular file contains user-specific settings for GUI applications, including desktop, so if the system can't read those settings - it's bad. IIRC a user can't start a particular desktop. The user's recent files data recently-used.xbel
also gets affected.
On the other hand, Vim doesn't have that problem. It uses no GUI-related database and doesn't put anything into recently-used.xbel
. It was created for a console-only purpose, although gVim also exists. In fact, on some systems Vim is your only choice of editor. So it is safer than gedit by virtue of not causing the same problems. You're still editing as root in both cases, so you could cause problems with improper editing.
According to this blog post:
The first time you use vim, the file
~/.viminfo
is created, and if you usesudo vim
the first time you use vim after installing it on a fresh system, the permissions on~/.viminfo
will have the owner set to root instead of the default user.
While the author points out it can lead to issues, there's nothing complex - just chown
the file back to yourself.
See also:
- What specific bad things happen when gedit is used with sudo?
6
Note that vim is not safe on a multi-user system where you're trying to limit other users' administrative permissions. A user can usesudo vim
to get a copy of vim running as root, then:!/bin/sh
to get a root shell.
– Mark
Nov 7 at 6:05
2
@Mark and what prevents user from just doingsudo /bin/sh
? Practically speaking, if user has root access already they don't need to use elaborate tricks.
– Sergiy Kolodyazhnyy
Nov 7 at 6:10
7
The/etc/sudoers
file. You don't need to do%wheel ALL=(ALL) ALL
--sudo
configuration permits far more nuance than that.
– Mark
Nov 7 at 6:36
1
@Mark OK, good point there - not every system has same settings.
– Sergiy Kolodyazhnyy
Nov 7 at 8:14
Uhm... Will the permission change even if the file exists? Suppose that I hack into a non-admin user account, but I don't know its password (maybe I managed to open a shell). Does this mean that I can copy/bin/bash
to~/.viminfo
, put a setuid on it and wait for the user to runsudo vim
to have it chowned to root?
– ChatterOne
Nov 7 at 8:46
|
show 5 more comments
up vote
13
down vote
It's also possible to use sudoedit
to achieve this; it opens a temporary copy of the file in your editor, with your editor running as you. From the man page:
Temporary copies are made of the files to be edited with the owner set to the invoking user.
The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the
SUDO_EDITOR
,VISUAL
andEDITOR
environment variables (in that order). If none ofSUDO_EDITOR
,VISUAL
orEDITOR
are set, the first program listed in the editorsudoers(5)
option is used.
If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.
This works fine with vim (it's what I generally do) and I imagine it would let you use gedit too. There are some security restrictions.
3
This is much better if you'd rather use your own vim configuration instead of root's.
– NieDzejkob
Nov 7 at 15:20
1
This is also safer if you don't want to run random plugin code as root (however, plugins running as you can also do a lot of damage if they're malicious, so don't use plugins you don't trust in the first place).
– Kevin
Nov 8 at 3:20
add a comment |
up vote
2
down vote
The link is very old (2013). It recommends using gksudo
or gksu
for graphical applications but both of those are becoming obsolete. Later on the accepted answer also suggests sudo -H
though.
The general consensus in the Ask Ubuntu community recently is to use:
sudo -H gedit /path/to/filename
The only problem remains that sudo
doesn't have a profile for tab settings, extensions, word wrap, font name, font size, etc. You can inherit these from your user profile though with a wrapper script like this: How can I sync my root gedit with my user gedit's preferences?
add a comment |
up vote
2
down vote
Yes, it is safe to use sudo vim
. The problems I come across are
Having to quit the file and re-open with
sudo vim
to be able to edit.Having the root
vimrc
being the default one, not my customized useful stuff.
Here's a function you can put in your bashrc
to allow vim to automatically sudo if you can't edit the file normally.
vim() {
#only good for auto-sudo. delete if no sudo privileges.
#If you're not just opening a single file, let's not use this.
if [[ "$#" -ne 1 ]]; then
command vim "$@"
#cases: if we can write to the file, or the file doesn't exist and we can make new files in that directory
elif [[ -w "$1" || ( -w $(dirname "$1") && ! -f "$1" ) ]]; then
# vim or 'vim' only escape aliases, not functions
command vim "$1"
else
sudo env HOME="$HOME" vim -u $HOME/.vimrc "$1"
fi
}
On Ubuntusudo
by default preserves the$HOME
environment variable, which means thatsudo vim
will use your customized .vimrc, and it also means thatsudo vim
will change the ownership of~/.viminfo
to root:root and cause you some inconvenience.
– Marius Gedminas
Nov 8 at 12:22
The accepted answer disagrees with you aboutviminfo
.
– jeremysprofile
Nov 8 at 15:18
add a comment |
up vote
1
down vote
It's fine to use vi as root. There's going to be times when you need to edit a file that requires sudo or root privileges, like changing your network interfaces file, or maybe editing your sshd config file. Using root for graphical stuff is bad because people would connect to IRC or browse the web as root. If they got a virus while doing so, it would have full root access.
2
There is atleast one specific exception for using vi as root. The file which controls the sudo path (/etc/sudoers) should never be edited with vi. For that file, the command visudo should be used. You don't even specify what file isbeing edited, it's just the special case.
– user628388
Nov 7 at 2:31
add a comment |
up vote
0
down vote
Something that hasn't been mentioned in the other answers is that running vim with root will give root priviledges to whatever plugins you have installed. So, the question of whether or not it is safe to run as root depends on whether you trust those plugin developers (or contributors to their project) to not own your system to its core.
Vim is typically vetted by package maintainers in all linux distributions, so it's easy to trust. However, vim plugins are typically installed directly from GitHub repos and typically have much less users auditing (maybe nil). In other words, there is not vetting process with them.
If you don't load plugins while in root, then I guess running as root depends on whether you trust vim developers. You can skip having to trust them, however, by using sudoedit which is made by the same developers of sudo, people that we've already trusted with root access anyways. GKFX and NieDzejkob have already mentioned why sudoedit is ideal. Besides the point that you don't have to trust root access to anyone else besides the developers of sudo, you can load all the plugins you've already trusted with your normal user account.
This discussion on not trusting various developers seems a bit incomplete; if yousudoedit /etc/apt/sources.list
with a compromised plugin installed, it can probably insert a malicious repository and gain root access next time you run updates anyway. I’m sure there’s a long list of root-protected files for which something similar applies. And of course, not every virus requires root; one could grab your bank details with no more than a browser extension.
– GKFX
Nov 9 at 8:45
add a comment |
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
20
down vote
accepted
Yes, it is safe.
The problem with sudo gedit
is because GUI applications use certain files, such as ~/.cache/dconf
, and after elevated gedit
that file becomes root-owned. Well, that particular file contains user-specific settings for GUI applications, including desktop, so if the system can't read those settings - it's bad. IIRC a user can't start a particular desktop. The user's recent files data recently-used.xbel
also gets affected.
On the other hand, Vim doesn't have that problem. It uses no GUI-related database and doesn't put anything into recently-used.xbel
. It was created for a console-only purpose, although gVim also exists. In fact, on some systems Vim is your only choice of editor. So it is safer than gedit by virtue of not causing the same problems. You're still editing as root in both cases, so you could cause problems with improper editing.
According to this blog post:
The first time you use vim, the file
~/.viminfo
is created, and if you usesudo vim
the first time you use vim after installing it on a fresh system, the permissions on~/.viminfo
will have the owner set to root instead of the default user.
While the author points out it can lead to issues, there's nothing complex - just chown
the file back to yourself.
See also:
- What specific bad things happen when gedit is used with sudo?
6
Note that vim is not safe on a multi-user system where you're trying to limit other users' administrative permissions. A user can usesudo vim
to get a copy of vim running as root, then:!/bin/sh
to get a root shell.
– Mark
Nov 7 at 6:05
2
@Mark and what prevents user from just doingsudo /bin/sh
? Practically speaking, if user has root access already they don't need to use elaborate tricks.
– Sergiy Kolodyazhnyy
Nov 7 at 6:10
7
The/etc/sudoers
file. You don't need to do%wheel ALL=(ALL) ALL
--sudo
configuration permits far more nuance than that.
– Mark
Nov 7 at 6:36
1
@Mark OK, good point there - not every system has same settings.
– Sergiy Kolodyazhnyy
Nov 7 at 8:14
Uhm... Will the permission change even if the file exists? Suppose that I hack into a non-admin user account, but I don't know its password (maybe I managed to open a shell). Does this mean that I can copy/bin/bash
to~/.viminfo
, put a setuid on it and wait for the user to runsudo vim
to have it chowned to root?
– ChatterOne
Nov 7 at 8:46
|
show 5 more comments
up vote
20
down vote
accepted
Yes, it is safe.
The problem with sudo gedit
is because GUI applications use certain files, such as ~/.cache/dconf
, and after elevated gedit
that file becomes root-owned. Well, that particular file contains user-specific settings for GUI applications, including desktop, so if the system can't read those settings - it's bad. IIRC a user can't start a particular desktop. The user's recent files data recently-used.xbel
also gets affected.
On the other hand, Vim doesn't have that problem. It uses no GUI-related database and doesn't put anything into recently-used.xbel
. It was created for a console-only purpose, although gVim also exists. In fact, on some systems Vim is your only choice of editor. So it is safer than gedit by virtue of not causing the same problems. You're still editing as root in both cases, so you could cause problems with improper editing.
According to this blog post:
The first time you use vim, the file
~/.viminfo
is created, and if you usesudo vim
the first time you use vim after installing it on a fresh system, the permissions on~/.viminfo
will have the owner set to root instead of the default user.
While the author points out it can lead to issues, there's nothing complex - just chown
the file back to yourself.
See also:
- What specific bad things happen when gedit is used with sudo?
6
Note that vim is not safe on a multi-user system where you're trying to limit other users' administrative permissions. A user can usesudo vim
to get a copy of vim running as root, then:!/bin/sh
to get a root shell.
– Mark
Nov 7 at 6:05
2
@Mark and what prevents user from just doingsudo /bin/sh
? Practically speaking, if user has root access already they don't need to use elaborate tricks.
– Sergiy Kolodyazhnyy
Nov 7 at 6:10
7
The/etc/sudoers
file. You don't need to do%wheel ALL=(ALL) ALL
--sudo
configuration permits far more nuance than that.
– Mark
Nov 7 at 6:36
1
@Mark OK, good point there - not every system has same settings.
– Sergiy Kolodyazhnyy
Nov 7 at 8:14
Uhm... Will the permission change even if the file exists? Suppose that I hack into a non-admin user account, but I don't know its password (maybe I managed to open a shell). Does this mean that I can copy/bin/bash
to~/.viminfo
, put a setuid on it and wait for the user to runsudo vim
to have it chowned to root?
– ChatterOne
Nov 7 at 8:46
|
show 5 more comments
up vote
20
down vote
accepted
up vote
20
down vote
accepted
Yes, it is safe.
The problem with sudo gedit
is because GUI applications use certain files, such as ~/.cache/dconf
, and after elevated gedit
that file becomes root-owned. Well, that particular file contains user-specific settings for GUI applications, including desktop, so if the system can't read those settings - it's bad. IIRC a user can't start a particular desktop. The user's recent files data recently-used.xbel
also gets affected.
On the other hand, Vim doesn't have that problem. It uses no GUI-related database and doesn't put anything into recently-used.xbel
. It was created for a console-only purpose, although gVim also exists. In fact, on some systems Vim is your only choice of editor. So it is safer than gedit by virtue of not causing the same problems. You're still editing as root in both cases, so you could cause problems with improper editing.
According to this blog post:
The first time you use vim, the file
~/.viminfo
is created, and if you usesudo vim
the first time you use vim after installing it on a fresh system, the permissions on~/.viminfo
will have the owner set to root instead of the default user.
While the author points out it can lead to issues, there's nothing complex - just chown
the file back to yourself.
See also:
- What specific bad things happen when gedit is used with sudo?
Yes, it is safe.
The problem with sudo gedit
is because GUI applications use certain files, such as ~/.cache/dconf
, and after elevated gedit
that file becomes root-owned. Well, that particular file contains user-specific settings for GUI applications, including desktop, so if the system can't read those settings - it's bad. IIRC a user can't start a particular desktop. The user's recent files data recently-used.xbel
also gets affected.
On the other hand, Vim doesn't have that problem. It uses no GUI-related database and doesn't put anything into recently-used.xbel
. It was created for a console-only purpose, although gVim also exists. In fact, on some systems Vim is your only choice of editor. So it is safer than gedit by virtue of not causing the same problems. You're still editing as root in both cases, so you could cause problems with improper editing.
According to this blog post:
The first time you use vim, the file
~/.viminfo
is created, and if you usesudo vim
the first time you use vim after installing it on a fresh system, the permissions on~/.viminfo
will have the owner set to root instead of the default user.
While the author points out it can lead to issues, there's nothing complex - just chown
the file back to yourself.
See also:
- What specific bad things happen when gedit is used with sudo?
edited Nov 7 at 18:18
Peter Mortensen
1,03821016
1,03821016
answered Nov 7 at 0:04
Sergiy Kolodyazhnyy
67.6k9139301
67.6k9139301
6
Note that vim is not safe on a multi-user system where you're trying to limit other users' administrative permissions. A user can usesudo vim
to get a copy of vim running as root, then:!/bin/sh
to get a root shell.
– Mark
Nov 7 at 6:05
2
@Mark and what prevents user from just doingsudo /bin/sh
? Practically speaking, if user has root access already they don't need to use elaborate tricks.
– Sergiy Kolodyazhnyy
Nov 7 at 6:10
7
The/etc/sudoers
file. You don't need to do%wheel ALL=(ALL) ALL
--sudo
configuration permits far more nuance than that.
– Mark
Nov 7 at 6:36
1
@Mark OK, good point there - not every system has same settings.
– Sergiy Kolodyazhnyy
Nov 7 at 8:14
Uhm... Will the permission change even if the file exists? Suppose that I hack into a non-admin user account, but I don't know its password (maybe I managed to open a shell). Does this mean that I can copy/bin/bash
to~/.viminfo
, put a setuid on it and wait for the user to runsudo vim
to have it chowned to root?
– ChatterOne
Nov 7 at 8:46
|
show 5 more comments
6
Note that vim is not safe on a multi-user system where you're trying to limit other users' administrative permissions. A user can usesudo vim
to get a copy of vim running as root, then:!/bin/sh
to get a root shell.
– Mark
Nov 7 at 6:05
2
@Mark and what prevents user from just doingsudo /bin/sh
? Practically speaking, if user has root access already they don't need to use elaborate tricks.
– Sergiy Kolodyazhnyy
Nov 7 at 6:10
7
The/etc/sudoers
file. You don't need to do%wheel ALL=(ALL) ALL
--sudo
configuration permits far more nuance than that.
– Mark
Nov 7 at 6:36
1
@Mark OK, good point there - not every system has same settings.
– Sergiy Kolodyazhnyy
Nov 7 at 8:14
Uhm... Will the permission change even if the file exists? Suppose that I hack into a non-admin user account, but I don't know its password (maybe I managed to open a shell). Does this mean that I can copy/bin/bash
to~/.viminfo
, put a setuid on it and wait for the user to runsudo vim
to have it chowned to root?
– ChatterOne
Nov 7 at 8:46
6
6
Note that vim is not safe on a multi-user system where you're trying to limit other users' administrative permissions. A user can use
sudo vim
to get a copy of vim running as root, then :!/bin/sh
to get a root shell.– Mark
Nov 7 at 6:05
Note that vim is not safe on a multi-user system where you're trying to limit other users' administrative permissions. A user can use
sudo vim
to get a copy of vim running as root, then :!/bin/sh
to get a root shell.– Mark
Nov 7 at 6:05
2
2
@Mark and what prevents user from just doing
sudo /bin/sh
? Practically speaking, if user has root access already they don't need to use elaborate tricks.– Sergiy Kolodyazhnyy
Nov 7 at 6:10
@Mark and what prevents user from just doing
sudo /bin/sh
? Practically speaking, if user has root access already they don't need to use elaborate tricks.– Sergiy Kolodyazhnyy
Nov 7 at 6:10
7
7
The
/etc/sudoers
file. You don't need to do %wheel ALL=(ALL) ALL
-- sudo
configuration permits far more nuance than that.– Mark
Nov 7 at 6:36
The
/etc/sudoers
file. You don't need to do %wheel ALL=(ALL) ALL
-- sudo
configuration permits far more nuance than that.– Mark
Nov 7 at 6:36
1
1
@Mark OK, good point there - not every system has same settings.
– Sergiy Kolodyazhnyy
Nov 7 at 8:14
@Mark OK, good point there - not every system has same settings.
– Sergiy Kolodyazhnyy
Nov 7 at 8:14
Uhm... Will the permission change even if the file exists? Suppose that I hack into a non-admin user account, but I don't know its password (maybe I managed to open a shell). Does this mean that I can copy
/bin/bash
to ~/.viminfo
, put a setuid on it and wait for the user to run sudo vim
to have it chowned to root?– ChatterOne
Nov 7 at 8:46
Uhm... Will the permission change even if the file exists? Suppose that I hack into a non-admin user account, but I don't know its password (maybe I managed to open a shell). Does this mean that I can copy
/bin/bash
to ~/.viminfo
, put a setuid on it and wait for the user to run sudo vim
to have it chowned to root?– ChatterOne
Nov 7 at 8:46
|
show 5 more comments
up vote
13
down vote
It's also possible to use sudoedit
to achieve this; it opens a temporary copy of the file in your editor, with your editor running as you. From the man page:
Temporary copies are made of the files to be edited with the owner set to the invoking user.
The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the
SUDO_EDITOR
,VISUAL
andEDITOR
environment variables (in that order). If none ofSUDO_EDITOR
,VISUAL
orEDITOR
are set, the first program listed in the editorsudoers(5)
option is used.
If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.
This works fine with vim (it's what I generally do) and I imagine it would let you use gedit too. There are some security restrictions.
3
This is much better if you'd rather use your own vim configuration instead of root's.
– NieDzejkob
Nov 7 at 15:20
1
This is also safer if you don't want to run random plugin code as root (however, plugins running as you can also do a lot of damage if they're malicious, so don't use plugins you don't trust in the first place).
– Kevin
Nov 8 at 3:20
add a comment |
up vote
13
down vote
It's also possible to use sudoedit
to achieve this; it opens a temporary copy of the file in your editor, with your editor running as you. From the man page:
Temporary copies are made of the files to be edited with the owner set to the invoking user.
The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the
SUDO_EDITOR
,VISUAL
andEDITOR
environment variables (in that order). If none ofSUDO_EDITOR
,VISUAL
orEDITOR
are set, the first program listed in the editorsudoers(5)
option is used.
If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.
This works fine with vim (it's what I generally do) and I imagine it would let you use gedit too. There are some security restrictions.
3
This is much better if you'd rather use your own vim configuration instead of root's.
– NieDzejkob
Nov 7 at 15:20
1
This is also safer if you don't want to run random plugin code as root (however, plugins running as you can also do a lot of damage if they're malicious, so don't use plugins you don't trust in the first place).
– Kevin
Nov 8 at 3:20
add a comment |
up vote
13
down vote
up vote
13
down vote
It's also possible to use sudoedit
to achieve this; it opens a temporary copy of the file in your editor, with your editor running as you. From the man page:
Temporary copies are made of the files to be edited with the owner set to the invoking user.
The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the
SUDO_EDITOR
,VISUAL
andEDITOR
environment variables (in that order). If none ofSUDO_EDITOR
,VISUAL
orEDITOR
are set, the first program listed in the editorsudoers(5)
option is used.
If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.
This works fine with vim (it's what I generally do) and I imagine it would let you use gedit too. There are some security restrictions.
It's also possible to use sudoedit
to achieve this; it opens a temporary copy of the file in your editor, with your editor running as you. From the man page:
Temporary copies are made of the files to be edited with the owner set to the invoking user.
The editor specified by the policy is run to edit the temporary files. The sudoers policy uses the
SUDO_EDITOR
,VISUAL
andEDITOR
environment variables (in that order). If none ofSUDO_EDITOR
,VISUAL
orEDITOR
are set, the first program listed in the editorsudoers(5)
option is used.
If they have been modified, the temporary files are copied back to their original location and the temporary versions are removed.
This works fine with vim (it's what I generally do) and I imagine it would let you use gedit too. There are some security restrictions.
edited Nov 7 at 21:27
answered Nov 7 at 10:44
GKFX
28319
28319
3
This is much better if you'd rather use your own vim configuration instead of root's.
– NieDzejkob
Nov 7 at 15:20
1
This is also safer if you don't want to run random plugin code as root (however, plugins running as you can also do a lot of damage if they're malicious, so don't use plugins you don't trust in the first place).
– Kevin
Nov 8 at 3:20
add a comment |
3
This is much better if you'd rather use your own vim configuration instead of root's.
– NieDzejkob
Nov 7 at 15:20
1
This is also safer if you don't want to run random plugin code as root (however, plugins running as you can also do a lot of damage if they're malicious, so don't use plugins you don't trust in the first place).
– Kevin
Nov 8 at 3:20
3
3
This is much better if you'd rather use your own vim configuration instead of root's.
– NieDzejkob
Nov 7 at 15:20
This is much better if you'd rather use your own vim configuration instead of root's.
– NieDzejkob
Nov 7 at 15:20
1
1
This is also safer if you don't want to run random plugin code as root (however, plugins running as you can also do a lot of damage if they're malicious, so don't use plugins you don't trust in the first place).
– Kevin
Nov 8 at 3:20
This is also safer if you don't want to run random plugin code as root (however, plugins running as you can also do a lot of damage if they're malicious, so don't use plugins you don't trust in the first place).
– Kevin
Nov 8 at 3:20
add a comment |
up vote
2
down vote
The link is very old (2013). It recommends using gksudo
or gksu
for graphical applications but both of those are becoming obsolete. Later on the accepted answer also suggests sudo -H
though.
The general consensus in the Ask Ubuntu community recently is to use:
sudo -H gedit /path/to/filename
The only problem remains that sudo
doesn't have a profile for tab settings, extensions, word wrap, font name, font size, etc. You can inherit these from your user profile though with a wrapper script like this: How can I sync my root gedit with my user gedit's preferences?
add a comment |
up vote
2
down vote
The link is very old (2013). It recommends using gksudo
or gksu
for graphical applications but both of those are becoming obsolete. Later on the accepted answer also suggests sudo -H
though.
The general consensus in the Ask Ubuntu community recently is to use:
sudo -H gedit /path/to/filename
The only problem remains that sudo
doesn't have a profile for tab settings, extensions, word wrap, font name, font size, etc. You can inherit these from your user profile though with a wrapper script like this: How can I sync my root gedit with my user gedit's preferences?
add a comment |
up vote
2
down vote
up vote
2
down vote
The link is very old (2013). It recommends using gksudo
or gksu
for graphical applications but both of those are becoming obsolete. Later on the accepted answer also suggests sudo -H
though.
The general consensus in the Ask Ubuntu community recently is to use:
sudo -H gedit /path/to/filename
The only problem remains that sudo
doesn't have a profile for tab settings, extensions, word wrap, font name, font size, etc. You can inherit these from your user profile though with a wrapper script like this: How can I sync my root gedit with my user gedit's preferences?
The link is very old (2013). It recommends using gksudo
or gksu
for graphical applications but both of those are becoming obsolete. Later on the accepted answer also suggests sudo -H
though.
The general consensus in the Ask Ubuntu community recently is to use:
sudo -H gedit /path/to/filename
The only problem remains that sudo
doesn't have a profile for tab settings, extensions, word wrap, font name, font size, etc. You can inherit these from your user profile though with a wrapper script like this: How can I sync my root gedit with my user gedit's preferences?
answered Nov 7 at 0:46
WinEunuuchs2Unix
39.1k1062144
39.1k1062144
add a comment |
add a comment |
up vote
2
down vote
Yes, it is safe to use sudo vim
. The problems I come across are
Having to quit the file and re-open with
sudo vim
to be able to edit.Having the root
vimrc
being the default one, not my customized useful stuff.
Here's a function you can put in your bashrc
to allow vim to automatically sudo if you can't edit the file normally.
vim() {
#only good for auto-sudo. delete if no sudo privileges.
#If you're not just opening a single file, let's not use this.
if [[ "$#" -ne 1 ]]; then
command vim "$@"
#cases: if we can write to the file, or the file doesn't exist and we can make new files in that directory
elif [[ -w "$1" || ( -w $(dirname "$1") && ! -f "$1" ) ]]; then
# vim or 'vim' only escape aliases, not functions
command vim "$1"
else
sudo env HOME="$HOME" vim -u $HOME/.vimrc "$1"
fi
}
On Ubuntusudo
by default preserves the$HOME
environment variable, which means thatsudo vim
will use your customized .vimrc, and it also means thatsudo vim
will change the ownership of~/.viminfo
to root:root and cause you some inconvenience.
– Marius Gedminas
Nov 8 at 12:22
The accepted answer disagrees with you aboutviminfo
.
– jeremysprofile
Nov 8 at 15:18
add a comment |
up vote
2
down vote
Yes, it is safe to use sudo vim
. The problems I come across are
Having to quit the file and re-open with
sudo vim
to be able to edit.Having the root
vimrc
being the default one, not my customized useful stuff.
Here's a function you can put in your bashrc
to allow vim to automatically sudo if you can't edit the file normally.
vim() {
#only good for auto-sudo. delete if no sudo privileges.
#If you're not just opening a single file, let's not use this.
if [[ "$#" -ne 1 ]]; then
command vim "$@"
#cases: if we can write to the file, or the file doesn't exist and we can make new files in that directory
elif [[ -w "$1" || ( -w $(dirname "$1") && ! -f "$1" ) ]]; then
# vim or 'vim' only escape aliases, not functions
command vim "$1"
else
sudo env HOME="$HOME" vim -u $HOME/.vimrc "$1"
fi
}
On Ubuntusudo
by default preserves the$HOME
environment variable, which means thatsudo vim
will use your customized .vimrc, and it also means thatsudo vim
will change the ownership of~/.viminfo
to root:root and cause you some inconvenience.
– Marius Gedminas
Nov 8 at 12:22
The accepted answer disagrees with you aboutviminfo
.
– jeremysprofile
Nov 8 at 15:18
add a comment |
up vote
2
down vote
up vote
2
down vote
Yes, it is safe to use sudo vim
. The problems I come across are
Having to quit the file and re-open with
sudo vim
to be able to edit.Having the root
vimrc
being the default one, not my customized useful stuff.
Here's a function you can put in your bashrc
to allow vim to automatically sudo if you can't edit the file normally.
vim() {
#only good for auto-sudo. delete if no sudo privileges.
#If you're not just opening a single file, let's not use this.
if [[ "$#" -ne 1 ]]; then
command vim "$@"
#cases: if we can write to the file, or the file doesn't exist and we can make new files in that directory
elif [[ -w "$1" || ( -w $(dirname "$1") && ! -f "$1" ) ]]; then
# vim or 'vim' only escape aliases, not functions
command vim "$1"
else
sudo env HOME="$HOME" vim -u $HOME/.vimrc "$1"
fi
}
Yes, it is safe to use sudo vim
. The problems I come across are
Having to quit the file and re-open with
sudo vim
to be able to edit.Having the root
vimrc
being the default one, not my customized useful stuff.
Here's a function you can put in your bashrc
to allow vim to automatically sudo if you can't edit the file normally.
vim() {
#only good for auto-sudo. delete if no sudo privileges.
#If you're not just opening a single file, let's not use this.
if [[ "$#" -ne 1 ]]; then
command vim "$@"
#cases: if we can write to the file, or the file doesn't exist and we can make new files in that directory
elif [[ -w "$1" || ( -w $(dirname "$1") && ! -f "$1" ) ]]; then
# vim or 'vim' only escape aliases, not functions
command vim "$1"
else
sudo env HOME="$HOME" vim -u $HOME/.vimrc "$1"
fi
}
answered Nov 7 at 20:14
jeremysprofile
1213
1213
On Ubuntusudo
by default preserves the$HOME
environment variable, which means thatsudo vim
will use your customized .vimrc, and it also means thatsudo vim
will change the ownership of~/.viminfo
to root:root and cause you some inconvenience.
– Marius Gedminas
Nov 8 at 12:22
The accepted answer disagrees with you aboutviminfo
.
– jeremysprofile
Nov 8 at 15:18
add a comment |
On Ubuntusudo
by default preserves the$HOME
environment variable, which means thatsudo vim
will use your customized .vimrc, and it also means thatsudo vim
will change the ownership of~/.viminfo
to root:root and cause you some inconvenience.
– Marius Gedminas
Nov 8 at 12:22
The accepted answer disagrees with you aboutviminfo
.
– jeremysprofile
Nov 8 at 15:18
On Ubuntu
sudo
by default preserves the $HOME
environment variable, which means that sudo vim
will use your customized .vimrc, and it also means that sudo vim
will change the ownership of ~/.viminfo
to root:root and cause you some inconvenience.– Marius Gedminas
Nov 8 at 12:22
On Ubuntu
sudo
by default preserves the $HOME
environment variable, which means that sudo vim
will use your customized .vimrc, and it also means that sudo vim
will change the ownership of ~/.viminfo
to root:root and cause you some inconvenience.– Marius Gedminas
Nov 8 at 12:22
The accepted answer disagrees with you about
viminfo
.– jeremysprofile
Nov 8 at 15:18
The accepted answer disagrees with you about
viminfo
.– jeremysprofile
Nov 8 at 15:18
add a comment |
up vote
1
down vote
It's fine to use vi as root. There's going to be times when you need to edit a file that requires sudo or root privileges, like changing your network interfaces file, or maybe editing your sshd config file. Using root for graphical stuff is bad because people would connect to IRC or browse the web as root. If they got a virus while doing so, it would have full root access.
2
There is atleast one specific exception for using vi as root. The file which controls the sudo path (/etc/sudoers) should never be edited with vi. For that file, the command visudo should be used. You don't even specify what file isbeing edited, it's just the special case.
– user628388
Nov 7 at 2:31
add a comment |
up vote
1
down vote
It's fine to use vi as root. There's going to be times when you need to edit a file that requires sudo or root privileges, like changing your network interfaces file, or maybe editing your sshd config file. Using root for graphical stuff is bad because people would connect to IRC or browse the web as root. If they got a virus while doing so, it would have full root access.
2
There is atleast one specific exception for using vi as root. The file which controls the sudo path (/etc/sudoers) should never be edited with vi. For that file, the command visudo should be used. You don't even specify what file isbeing edited, it's just the special case.
– user628388
Nov 7 at 2:31
add a comment |
up vote
1
down vote
up vote
1
down vote
It's fine to use vi as root. There's going to be times when you need to edit a file that requires sudo or root privileges, like changing your network interfaces file, or maybe editing your sshd config file. Using root for graphical stuff is bad because people would connect to IRC or browse the web as root. If they got a virus while doing so, it would have full root access.
It's fine to use vi as root. There's going to be times when you need to edit a file that requires sudo or root privileges, like changing your network interfaces file, or maybe editing your sshd config file. Using root for graphical stuff is bad because people would connect to IRC or browse the web as root. If they got a virus while doing so, it would have full root access.
answered Nov 6 at 23:54
The Letter M
1314
1314
2
There is atleast one specific exception for using vi as root. The file which controls the sudo path (/etc/sudoers) should never be edited with vi. For that file, the command visudo should be used. You don't even specify what file isbeing edited, it's just the special case.
– user628388
Nov 7 at 2:31
add a comment |
2
There is atleast one specific exception for using vi as root. The file which controls the sudo path (/etc/sudoers) should never be edited with vi. For that file, the command visudo should be used. You don't even specify what file isbeing edited, it's just the special case.
– user628388
Nov 7 at 2:31
2
2
There is atleast one specific exception for using vi as root. The file which controls the sudo path (/etc/sudoers) should never be edited with vi. For that file, the command visudo should be used. You don't even specify what file isbeing edited, it's just the special case.
– user628388
Nov 7 at 2:31
There is atleast one specific exception for using vi as root. The file which controls the sudo path (/etc/sudoers) should never be edited with vi. For that file, the command visudo should be used. You don't even specify what file isbeing edited, it's just the special case.
– user628388
Nov 7 at 2:31
add a comment |
up vote
0
down vote
Something that hasn't been mentioned in the other answers is that running vim with root will give root priviledges to whatever plugins you have installed. So, the question of whether or not it is safe to run as root depends on whether you trust those plugin developers (or contributors to their project) to not own your system to its core.
Vim is typically vetted by package maintainers in all linux distributions, so it's easy to trust. However, vim plugins are typically installed directly from GitHub repos and typically have much less users auditing (maybe nil). In other words, there is not vetting process with them.
If you don't load plugins while in root, then I guess running as root depends on whether you trust vim developers. You can skip having to trust them, however, by using sudoedit which is made by the same developers of sudo, people that we've already trusted with root access anyways. GKFX and NieDzejkob have already mentioned why sudoedit is ideal. Besides the point that you don't have to trust root access to anyone else besides the developers of sudo, you can load all the plugins you've already trusted with your normal user account.
This discussion on not trusting various developers seems a bit incomplete; if yousudoedit /etc/apt/sources.list
with a compromised plugin installed, it can probably insert a malicious repository and gain root access next time you run updates anyway. I’m sure there’s a long list of root-protected files for which something similar applies. And of course, not every virus requires root; one could grab your bank details with no more than a browser extension.
– GKFX
Nov 9 at 8:45
add a comment |
up vote
0
down vote
Something that hasn't been mentioned in the other answers is that running vim with root will give root priviledges to whatever plugins you have installed. So, the question of whether or not it is safe to run as root depends on whether you trust those plugin developers (or contributors to their project) to not own your system to its core.
Vim is typically vetted by package maintainers in all linux distributions, so it's easy to trust. However, vim plugins are typically installed directly from GitHub repos and typically have much less users auditing (maybe nil). In other words, there is not vetting process with them.
If you don't load plugins while in root, then I guess running as root depends on whether you trust vim developers. You can skip having to trust them, however, by using sudoedit which is made by the same developers of sudo, people that we've already trusted with root access anyways. GKFX and NieDzejkob have already mentioned why sudoedit is ideal. Besides the point that you don't have to trust root access to anyone else besides the developers of sudo, you can load all the plugins you've already trusted with your normal user account.
This discussion on not trusting various developers seems a bit incomplete; if yousudoedit /etc/apt/sources.list
with a compromised plugin installed, it can probably insert a malicious repository and gain root access next time you run updates anyway. I’m sure there’s a long list of root-protected files for which something similar applies. And of course, not every virus requires root; one could grab your bank details with no more than a browser extension.
– GKFX
Nov 9 at 8:45
add a comment |
up vote
0
down vote
up vote
0
down vote
Something that hasn't been mentioned in the other answers is that running vim with root will give root priviledges to whatever plugins you have installed. So, the question of whether or not it is safe to run as root depends on whether you trust those plugin developers (or contributors to their project) to not own your system to its core.
Vim is typically vetted by package maintainers in all linux distributions, so it's easy to trust. However, vim plugins are typically installed directly from GitHub repos and typically have much less users auditing (maybe nil). In other words, there is not vetting process with them.
If you don't load plugins while in root, then I guess running as root depends on whether you trust vim developers. You can skip having to trust them, however, by using sudoedit which is made by the same developers of sudo, people that we've already trusted with root access anyways. GKFX and NieDzejkob have already mentioned why sudoedit is ideal. Besides the point that you don't have to trust root access to anyone else besides the developers of sudo, you can load all the plugins you've already trusted with your normal user account.
Something that hasn't been mentioned in the other answers is that running vim with root will give root priviledges to whatever plugins you have installed. So, the question of whether or not it is safe to run as root depends on whether you trust those plugin developers (or contributors to their project) to not own your system to its core.
Vim is typically vetted by package maintainers in all linux distributions, so it's easy to trust. However, vim plugins are typically installed directly from GitHub repos and typically have much less users auditing (maybe nil). In other words, there is not vetting process with them.
If you don't load plugins while in root, then I guess running as root depends on whether you trust vim developers. You can skip having to trust them, however, by using sudoedit which is made by the same developers of sudo, people that we've already trusted with root access anyways. GKFX and NieDzejkob have already mentioned why sudoedit is ideal. Besides the point that you don't have to trust root access to anyone else besides the developers of sudo, you can load all the plugins you've already trusted with your normal user account.
answered Nov 7 at 17:00
JoL
1,06437
1,06437
This discussion on not trusting various developers seems a bit incomplete; if yousudoedit /etc/apt/sources.list
with a compromised plugin installed, it can probably insert a malicious repository and gain root access next time you run updates anyway. I’m sure there’s a long list of root-protected files for which something similar applies. And of course, not every virus requires root; one could grab your bank details with no more than a browser extension.
– GKFX
Nov 9 at 8:45
add a comment |
This discussion on not trusting various developers seems a bit incomplete; if yousudoedit /etc/apt/sources.list
with a compromised plugin installed, it can probably insert a malicious repository and gain root access next time you run updates anyway. I’m sure there’s a long list of root-protected files for which something similar applies. And of course, not every virus requires root; one could grab your bank details with no more than a browser extension.
– GKFX
Nov 9 at 8:45
This discussion on not trusting various developers seems a bit incomplete; if you
sudoedit /etc/apt/sources.list
with a compromised plugin installed, it can probably insert a malicious repository and gain root access next time you run updates anyway. I’m sure there’s a long list of root-protected files for which something similar applies. And of course, not every virus requires root; one could grab your bank details with no more than a browser extension.– GKFX
Nov 9 at 8:45
This discussion on not trusting various developers seems a bit incomplete; if you
sudoedit /etc/apt/sources.list
with a compromised plugin installed, it can probably insert a malicious repository and gain root access next time you run updates anyway. I’m sure there’s a long list of root-protected files for which something similar applies. And of course, not every virus requires root; one could grab your bank details with no more than a browser extension.– GKFX
Nov 9 at 8:45
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1090632%2fis-vim-safe-to-use-in-combination-with-sudo%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
Some related questions: unix.stackexchange.com/q/134500/103151 - superuser.com/q/1221102/418736 - askubuntu.com/q/211346/367990
– Byte Commander
Nov 6 at 23:28
1
You can also use vim without sudo and when it comes to saving the file, you can use
:w !sudo tee %
– ChatterOne
Nov 7 at 8:49