It is not advisable to use sudo
with a graphical application like gedit
, as described at this link. Accordingly, I have tended to use vim
with sudo
.
Recently I noticed my ~/.viminfo
was owned by root on a fairly fresh install of Ubuntu 16.04 (Xenial Xerus), so it had me wondering if even Vim is considered to be graphical or if there is some other problem with invoking sudo vim
. After changing ownership to myself via:
sudo find $HOME -not -user $USER -exec chown $USER:$(id -g) {} +
and subsequently running sudo vim
I was unable to have ~/.viminfo
owned by root. However, I am certain that it recently was owned by root.
Is it inadvisable to invoke sudo vim
?
Yes, it is safe.
The problem with
sudo gedit
is because GUI applications use certain files, such as~/.cache/dconf
, and after elevatedgedit
that file becomes root-owned. Well, that particular file contains user-specific settings for GUI applications, including desktop, so if the system can't read those settings - it's bad. IIRC a user can't start a particular desktop. The user's recent files datarecently-used.xbel
also gets affected.On the other hand, Vim doesn't have that problem. It uses no GUI-related database and doesn't put anything into
recently-used.xbel
. It was created for a console-only purpose, although gVim also exists. In fact, on some systems Vim is your only choice of editor. So it is safer than gedit by virtue of not causing the same problems. You're still editing as root in both cases, so you could cause problems with improper editing.According to this blog post:
While the author points out it can lead to issues, there's nothing complex - just
chown
the file back to yourself.See also:
It's also possible to use
sudoedit
to achieve this; it opens a temporary copy of the file in your editor, with your editor running as you. From the man page:This works fine with vim (it's what I generally do) and I imagine it would let you use gedit too. There are some security restrictions.
The link is very old (2013). It recommends using
gksudo
orgksu
for graphical applications but both of those are becoming obsolete. Later on the accepted answer also suggestssudo -H
though.The general consensus in the Ask Ubuntu community recently is to use:
The only problem remains that
sudo
doesn't have a profile for tab settings, extensions, word wrap, font name, font size, etc. You can inherit these from your user profile though with a wrapper script like this: How can I sync my root gedit with my user gedit's preferences?Yes, it is safe to use
sudo vim
. The problems I come across areHaving to quit the file and re-open with
sudo vim
to be able to edit.Having the root
vimrc
being the default one, not my customized useful stuff.Here's a function you can put in your
bashrc
to allow vim to automatically sudo if you can't edit the file normally.It's fine to use vi as root. There's going to be times when you need to edit a file that requires sudo or root privileges, like changing your network interfaces file, or maybe editing your sshd config file. Using root for graphical stuff is bad because people would connect to IRC or browse the web as root. If they got a virus while doing so, it would have full root access.
Something that hasn't been mentioned in the other answers is that running vim with root will give root priviledges to whatever plugins you have installed. So, the question of whether or not it is safe to run as root depends on whether you trust those plugin developers (or contributors to their project) to not own your system to its core.
Vim is typically vetted by package maintainers in all linux distributions, so it's easy to trust. However, vim plugins are typically installed directly from GitHub repos and typically have much less users auditing (maybe nil). In other words, there is not vetting process with them.
If you don't load plugins while in root, then I guess running as root depends on whether you trust vim developers. You can skip having to trust them, however, by using sudoedit which is made by the same developers of sudo, people that we've already trusted with root access anyways. GKFX and NieDzejkob have already mentioned why sudoedit is ideal. Besides the point that you don't have to trust root access to anyone else besides the developers of sudo, you can load all the plugins you've already trusted with your normal user account.