• hemko@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    You shouldn’t really use editor with sudo, but instead use sudoedit to edit files restricted to root user

    SUDO_EDITOR=nano sudoedit /etc/fstab

    This accomplishes the same function while running the text editor as unprivileged user

    • Doctor xNo@r.nf
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      1 year ago

      Why?

      Files from user: nano

      Files from root: sudo nano

      Files from another user: sudo nano (and if new sudo chown after)… 😂

      Never had any problems with this in over 10 years… 😅😂

      • hemko@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        As mentioned, to prevent running your text editor with root permissions. It’s just security optimization

        • Doctor xNo@r.nf
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Let me rephrase my question:

          Why would I not want to open nano as root?

          No offense, but that sounds like more OCD behavior. 😅 I don’t need or want protection against myself, and I even loath the whole “that’s not how you’re supposed to do it”-mentality of linux (where when commands know very well what you want, instead of doing it, just tell you you forgot something). 😅

            • Doctor xNo@r.nf
              link
              fedilink
              English
              arrow-up
              0
              ·
              edit-2
              1 year ago

              But, in that example:

              If I’m the admin it doesn’t matter I use it.

              If I’m not it’s not my problem that I could get more privileges than allowed. I’d probably even use the possibility then. 😅

              So it poses a risk if you allow none-admin users to do that on your system, but I still don’t see why I must choose to not use nano as root myself. 😅

              Anyway, good practice to me is ease-of-use instead of with 7 protections against things that rarely happen.

              Like, I’m pretty sure you are better protected from burglars if you also lock all doors inside your house, but I’m definitely not doing that either. 😅

              Edit: Also, if you have users on your system, just chroot/vroot/lxc them, so they be free to ‘sudo nano’ too… 😅

                • Doctor xNo@r.nf
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  I appreciate all the answers on what started out to mostly be a joke (the first comment, I’m not saying the rest was, I actually do mean my follow-up discussions and am enjoying them more than I should). 😅

                  Anyway, first I must disagree with sudo being useless in a single-user environment since some services have non-user (nologin) accounts as which you still need to run things sometimes, so sudo is commonly useful in single-user environments (though you could technically go set bash for those, I suppose.)

                  But yeah, I’m already used to “bad practices” as I have been using linux for 24 years now (when it still was it’s predecessor ‘pico’ 😅) (I said over ‘10’ years in an earlier comment, but I just realized I’m 40 and still calculated from 30. 😂 Wishful thinking. 😅) in what is assumed a bad practice, not only without any problems, but even because it never gave me problems.

                  Might be an age thing too, but I hold on to ease of use over best-practice, especially if it hasn’t failed me in two decades and a half. I think it would take an actual attack on me abusing this behavior for me to stop doing it by now… And even then, I installed linux so many times in my life, even that seems more musclememory and not such a hassle anymore… 😅 At least I could make use of my backup system for once then… 😅

          • hemko@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            It’s not any OCD behavior, but simply the best practices. You’ve probably at least minimally familiar with the principal of least privilege? The idea is to minimize scope of a potential problem , was it malicious attack or user error, by restricting access to minimum required to perform a task. It may feel like fighting pedantically (and I’ve been fighting this more than I’d care to) but it will save your ass one day.

          • scinde@discuss.tchncs.de
            link
            fedilink
            arrow-up
            0
            ·
            1 year ago

            It’s probably to protect against any potential security vulnerabilities in the text editor program itself, not to protect you from yourself.

              • scinde@discuss.tchncs.de
                link
                fedilink
                arrow-up
                0
                ·
                1 year ago

                Sure, but sudo is specifically designed with security in mind as a security program, whereas text editors are not (although I am more likely to trust vim than vscode). Running a malicious program as the user and not as root can help mitigate the impact it could do, even though it will still be able to do a lot as a user.

                • Doctor xNo@r.nf
                  link
                  fedilink
                  English
                  arrow-up
                  0
                  ·
                  1 year ago

                  You assume this malicious code is lame enough not to gain root itself with a modified su.

                  • scinde@discuss.tchncs.de
                    link
                    fedilink
                    arrow-up
                    0
                    ·
                    1 year ago

                    What do you mean get root itself with a modified su? A program that has been run as a user cannot just get root permissions, that’s called a privilege escalation attack and is a serious vulnerability in the kernel which gets fixed quickly when found.