“I use Arch Linux btw”
*doesn’t know how to use vim
Pottery
Hey!
If they don’t understand this, can we even call it intelligent life?
Maybe they use Emacs.
Bonus: I googled “emacs” to make sure I got the capitalization right for the post and Google is throwing shade:
wrong: you press esc multiple times to make sure you are in normal mode.
At least 3 times. 5 to make sure.
ESC Z Z
Although I usually bang ESC a few times to
make sure i’m back to command modeyou mean normal mode?
Yes, I do.
Double Z’s will save and then exit. The command on until board will exit without saving changes.
yeah to exit without saving you do ZQ instead of ZZ
sudo nano
You shouldn’t really use editor with sudo, but instead use sudoedit to edit files restricted to root user
SUDO_EDITOR=nano sudoedit /etc/fstab
This accomplishes the same function while running the text editor as unprivileged user
Why?
Files from user: nano
Files from root: sudo nano
Files from another user: sudo nano (and if new sudo chown after)… 😂
Never had any problems with this in over 10 years… 😅😂
As mentioned, to prevent running your text editor with root permissions. It’s just security optimization
Let me rephrase my question:
Why would I not want to open nano as root?
No offense, but that sounds like more OCD behavior. 😅 I don’t need or want protection against myself, and I even loath the whole “that’s not how you’re supposed to do it”-mentality of linux (where when commands know very well what you want, instead of doing it, just tell you you forgot something). 😅
It’s not any OCD behavior, but simply the best practices. You’ve probably at least minimally familiar with the principal of least privilege? The idea is to minimize scope of a potential problem , was it malicious attack or user error, by restricting access to minimum required to perform a task. It may feel like fighting pedantically (and I’ve been fighting this more than I’d care to) but it will save your ass one day.
sudoedit opens the editor as your user and just writes the file as root. For a single user who is also admin on the system this does not matter in many cases.
In a multi user context you can easily escape your editor and run a shell which allows a non admin user to escalate their privileges. So from a security implementation standpoint this must exist and it does for this reason.
Of course this also prevents some mistakes from happening and a bad plugin cannot destroy your whole system easily and so on. It boils down to good practice.
But, in that example:
If I’m the admin it doesn’t matter I use it.
If I’m not it’s not my problem that I could get more privileges than allowed. I’d probably even use the possibility then. 😅
So it poses a risk if you allow none-admin users to do that on your system, but I still don’t see why I must choose to not use nano as root myself. 😅
Anyway, good practice to me is ease-of-use instead of with 7 protections against things that rarely happen.
Like, I’m pretty sure you are better protected from burglars if you also lock all doors inside your house, but I’m definitely not doing that either. 😅
Edit: Also, if you have users on your system, just chroot/vroot/lxc them, so they be free to ‘sudo nano’ too… 😅
sudo is not simply a tool to give admin privileges, but a tool to manage elevated permissions or run commands in a different users context.
These things become a lot more relevant once you use the tools professionally. In a well configured system you are only allowed to run the things you are explicitly allowed.
To be completely honest sudo is basically pointless in a single user context. There is almost no reason to even have it installed. It makes dealing with different environments easier though.
Anyway as I said it does not matter in many cases if you are the systems administrator. On the other hand there is also no benefit in getting used to bad practices in case you have to unlearn them later.
One more thing: what you suggest with chroot is one of the very reasons why you should not do that. You might have handed over the keys to break out of chroot. It is a well known vector which boils down to never run anything as root in a chroot environment.
It’s probably to protect against any potential security vulnerabilities in the text editor program itself, not to protect you from yourself.
Wouldn’t that logic count for anything, including sudo itself?
Sure, but sudo is specifically designed with security in mind as a security program, whereas text editors are not (although I am more likely to trust vim than vscode). Running a malicious program as the user and not as root can help mitigate the impact it could do, even though it will still be able to do a lot as a user.
Great, now all my changes are lost. Thank you very much!
wq
Thanks Sherlock.
Your welcome!