I shouldn't use sudo nano
Over on /r/linux, a user going by /u/AlternOSx posted a short You Should Know: "YSK: Do not use 'sudo vim/nano/emacs..' to edit a file. Instead, set your $EDITOR and use sudoedit or sudo -e."
Long story short, sudoedit copies the file you want to edit to /tmp/file.xxx and then opens it with an unprivileged instance of your editor of choice. It then overwrites the source file when you are finished editing, protecting from accidental privilege escalation of commands through your text editor.
Knowing this, I came up with a quick way to enforce this best practice by adding this function to my .bashrc file. Hopefully I can retrain myself not to use sudo nano all the time.
```bash
# Define the default editor, in this case nano.
# Exported so that sudoedit, a child process, can see it.
export EDITOR=nano

# Catch calls to sudo.
function sudo() {
    if [[ $1 == "$EDITOR" ]]; then
        # The editor has been called.
        if [ -w "$2" ]; then
            # If the file is writable by the current user, just use the editor as normal.
            command $EDITOR "$2"
        else
            # The file is not writable, so use sudoedit.
            command sudoedit "$2"
        fi
    else
        # Use sudo as normal.
        command /usr/bin/sudo "$@"
    fi
}
```
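The copy / edit / write-back flow described above can be sketched as a shell function to show which steps need privilege and which do not. This is an added example, not code from the original post and not sudo's implementation; the function name `edit_via_copy` and the `PRIV` variable are assumptions made for the illustration.

```bash
# Illustrative sketch of the copy / edit / write-back flow (not sudo's code).
# PRIV is an assumed knob: the prefix for the privileged steps. It defaults
# to "sudo"; set PRIV="" to try the flow on a file you already own.
edit_via_copy() {
    local target tmp before status priv
    target=$1
    status=0
    priv=${PRIV-sudo}

    [ -n "$target" ] || { echo "usage: edit_via_copy FILE" >&2; return 2; }

    # 1. Privileged read into a temp file that belongs to the calling user.
    tmp=$(mktemp "${TMPDIR:-/tmp}/edit.XXXXXX") || return 1
    if $priv test -e "$target"; then
        $priv cat -- "$target" > "$tmp" || { rm -f -- "$tmp"; return 1; }
    fi
    before=$(cksum < "$tmp")

    # 2. Unprivileged edit: the editor, its plugins and any shell escape
    #    run as the calling user and only ever see the temp copy.
    ${EDITOR:-nano} "$tmp" || status=$?

    # 3. Privileged write-back. In this sketch it happens only if the editor
    #    exited cleanly and the content changed. tee writes in place, so the
    #    target keeps its owner and mode.
    if [ "$status" -ne 0 ]; then
        echo "editor exited with $status; $target left untouched" >&2
    elif [ "$(cksum < "$tmp")" = "$before" ]; then
        echo "$target unchanged" >&2
    else
        $priv tee -- "$target" < "$tmp" > /dev/null || status=1
    fi
    rm -f -- "$tmp"
    return "$status"
}
```

Only the short `cat` and `tee` steps run with elevated rights; the long-lived interactive editor never does, which is the property `sudo nano` lacks.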