8

System: Linux Mint 18.1 64-bit Cinnamon.

Objective: To define Bash aliases to launch various CLI and GUI text editors while opening a file in root mode from gnome-terminal emulator.

Progress

For example, the following aliases seem to work as expected:

For CLI, in this example I used Nano (official website):

alias sunano='sudo nano'

For GUI, in this example I used Xed (Wikipedia article):

alias suxed='sudo xed'

They both open a file as root.

Problem

I have an issue with gksudo in conjunction with sublime-text:

alias susubl='gksudo /opt/sublime_text/sublime_text'

Sometimes it works. It just does not do anything most of the time.

How do I debug such a thing with inconsistent behavior? It does not output anything. No error message or similar.

Question

gksudo has been deprecated in Debian and also no longer included in Ubuntu 18.04 Bionic, so let me re-formulate this question to a still valid one:

How to properly edit system files (as root) in GUI (and CLI) in Linux?

Properly in this context I define as safely in case, for instance, a power loss occurs during the file edit, another example could be lost SSH connection, etc.

ctrl-alt-delor
  • 27,993
Vlastimil Burián
  • 28,462
  • I'm not sure how new the feature is but Sublime Text now prompts for root escalation when saving existing files. You still need to create new files from the command line though. – AnnanFay Apr 23 '19 at 14:52

2 Answers2

15

You shouldn’t run an editor as root unless absolutely necessary; you should use sudoedit or sudo -e or sudo --edit, or your desktop environment’s administrative features.

sudoedit

Once sudoedit is set up appropriately, you can do

SUDO_EDITOR="/opt/sublime_text/sublime_text -w" sudoedit yourfile

sudoedit will check that you’re allowed to do this, make a copy of the file that you can edit without changing ownership manually, start your editor, and then, when the editor exits, copy the file back if it has been changed.

I’d suggest a function rather than an alias:

function susubl {
    export SUDO_EDITOR="/opt/sublime_text/sublime_text -w"
    sudoedit "$@"
}

although as Jeff Schaller pointed out, you can use env to put this in an alias and avoid changing your shell’s environment:

alias susubl='env SUDO_EDITOR="/opt/sublime_text/sublime_text -w" sudoedit'

Take note that you don't need to use the $SUDO_EDITOR environment variable if $VISUAL or $EDITOR are already good enough.

The -w option ensures that the Sublime Text invocation waits until the files are closed before returning and letting sudoedit copy the files back.

Desktop environments (GNOME)

In GNOME (and perhaps other desktop environments), you can use any GIO/GVFS-capable editor, with the admin:// scheme; for example

gedit admin:///etc/shells

This will prompt for the appropriate authentication using PolKit, and then open the file for editing if the authentication was successful.

Cristian Ciupitu
  • 2,510
Stephen Kitt
  • 434,908
  • 1
    "You shouldn’t run an editor as root unless absolutely necessary;" I see this so often recited and never really an explanation as to why. I always wonder if i do it is it bad manners, some sort of linux faux-pas? I even feel some sort of slight guilt when doing it, other times I feel smug and defiant. Could you please back up your claim in your answer and add a reason as to why shouldn't one run an editor as root? More often I see this warning regarding GUI programs, and this is the first time I see that even sudo nano would be a bad thing to do. – brett Jan 09 '20 at 16:14
  • 1
    @brett there are a few reasons I recommend that, none of which are germane to the answer so I’ll only mention them here. Editors have potentially large attack surfaces, so if it’s easy to avoid running them as root it’s better to do so (defense in depth). It’s also easy to forget that you’re in a “root” editor, and open files other than the one you intended to edit as root, and then accidentally modify them. – Stephen Kitt Jan 10 '20 at 10:31
  • 2
    @brett I also prefer editing via sudoedit because it means I can use whatever “nice” editor I want without having to jump through hoops (where “nice” includes “configured to my taste”). – Stephen Kitt Jan 10 '20 at 10:32
  • 1
    @brett there’s an additional consideration in the context of sudo: allowing a user to run an editor with sudo effectively means granting them full root access (since of editors can run a shell); sudoedit avoids that. – Stephen Kitt Jan 10 '20 at 13:54
  • 1
    That makes sense if you are working on a server but as a simple home user what is the downside? – brett Jan 10 '20 at 19:24
  • 1
    @brett mistakes are as much of a problem on home systems; see the many questions on this site which involve home users trying to fix their systems... Even for careful users, it’s still a nice habit to pick up, if ever they need to administer more “serious” systems. And my second comment above is relevant regardless of the circumstances! – Stephen Kitt Jan 11 '20 at 16:29
0

Different solution: I never edit system files directly, I make a copy somewhere(*), edit the copy (with my usual editor), and sudo cp when done.

(*) I have a directory for this, where all files are kept in one place:

  • naturally keeps a list of all the file that I have changed
  • easy to version
  • easy to backup
  • easy to transfer to another machine
xenoid
  • 8,888