In a previous article discussing KDE’s dropping “Run As Root” feature, I’ve mentioned that, from now on, users will be instructed to use a specific tool in order to edit another-user-owned files (root-user files for instance) and that tool is named “sudoedit”.
As a follow-up to that article and also in order to make the landing impact of that inevitable new feature a bit softer, it’s probably a good idea to introduce yourself to sudoedit. So, let’s do it.
sudoedit, not to confuse with sudoEdit which is a vim plugin, is a Linux command line tool used for the specific purpose of editing files.
As a matter of fact, most Linux users are already familiar with sudoedit in a different form; sudoedit is simply sudo invoked with the option:
-e, --edit edit files instead of running a command
sudo -e / –edit and sudoedit are synonymous, you may use whichever form you prefer. Simply issue: sudoedit /PATH/TO/FILE-NAME in Terminal and that file will be opened in a text editor (later I’ll explain how you can configure which text editor app is used).
Indeed, sudoedit lets you edit files as another user, most typically as the root user. However it is what sudoedit can’t do in comparison to the raw power of sudo command which probably defines it the best.
So, we already know that sudoedit cannot be used to run different commands other than edit files. In addition to that, sudoedit also comes with a set of restrictions to “help prevent the editing of unauthorized files”.
These restrictions are good to keep in mind for when you’re using sudoedit on a regular basis, since the errors that might popup from time to time courtesy of these restrictions might not be the most intuitive to figure out, especially if you’re unaware of the restrictions at all.
sudoedit outputs error
sudoedit Restrictions
1. Files located in a directory that is writable by the invoking user may not be edited unless that user is root (version 1.8.16 and higher).
This rule means that if, for instance, your username is Josef and you’re trying to edit a text file that resides inside your Josef directory, you’re probably going to encounter an error since that directory is owned by you and you (Josef) have writing permissions for that directory.
Nevertheless, if you first issue: su root and enter root user mode, then sudoedit will let you edit that file.
2. Symbolic links may not be edited (version 1.8.15 and higher).
Symbolic links, otherwise known as shortcut files for people coming from a Windows background, cannot be edited. Meaning that if you issue: ls -l FILE-NAME-YOU-WISH-TO-EDIT in terminal and you get an output such as this:
$ ls -l text
lrwxrwxrwx 1 liron liron 9 Feb 21 17:57 text -> 'Text File'Then this is a symbolically linked file and you cannot edit it.
Tip: try to the edit the file that it points to instead.
3. Symbolic links along the path to be edited are not followed when the parent directory is writable by the invoking user unless that user is root (version 1.8.16 and higher).
This rule is somewhat a subset of the 1st rule, meaning that you can’t bypass the first restriction using a symbolic link, unless you’re issuing the command as root user, in which case the first rule grants you permission as well.
4. Users are never allowed to edit device special files.
Device special files are typically files that belong to the kernel or to a specific driver (graphics driver, sound driver, etc…). These are the type of files most users wouldn’t want to edit in the first place.
And if you do want to edit such file, I trust that you’ll know how to do it even without sudoedit tool.
So far for the sudoedit restrictions, now let’s focus on the way sudoedit operates so that we’ll be able to use it in a wiser manner.
How sudoedit Actually Works?
There are basically three steps taken by sudoedit once you command it to open a file (that you have permissions to).
1. sudoedit creates a temporary copy of the file you wish to edit and sets your user as the owner of that file.
2. A text editor, preconfigured through your system environment variables or in sudoedit’s default editor setting in the lack of such environmental variable, is then run to edit the temporary files.
Note that the environment variables that sudoedit consults in order to know which text editor to open are: SUDO_EDITOR, VISUAL and EDITOR in that order, meaning, an editor that is specified in VISUAL variable takes precedence over an editor specified in EDITOR variable and so on.
To check whether these variables are configured on your system, just type: echo $VARIABLE-NAME in Terminal and it shall output the configuration.
Check which editor is set by your system variables
To change the variable value e.g. to use kate editor instead of nano, issue: export VARIABLE=/PATH/TO/kate in Terminal.
Change the defined editor value temporarily
This will change the variable for that specific session. To change it permanently, edit your ~/.bashrc file (create it if it doesn’t exist) and add VARIABLE=/PATH/TO/TEXT_EDITOR to it and save (restart Terminal for changes to take effect).
3. Once a file has been modified and saved, the temporary file will be copied to the original location (overwriting existing one) and the temporary version will be removed.
Lastly,Ii’d like to address the benefits of using sudoedit.
It is quite clear that using sudoedit instead of kdesudo, sudo, or any other tool of that matter makes working on your system a bit more tedious than without it.
Nevertheless if there’s any sensible reason that can make it worthwhile, it has to be a security one. And so it is.
Opening a text file in an edit only mode may prevent programs from executing malicious code that may harm your system.
Obviously, if you’re absolutely sure that your system is clean from such bad code, then there’s no reason for you to burden yourself with the extra security measure.
However, if you’re not, it’s probably better safe than sorry.
